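---
# Namespace labelled as the controller-manager control plane; presumably the
# namespace the SonataFlow operator is deployed into (inferred from its name).
# NOTE(review): no pod-security.kubernetes.io/* labels are set, so Pod Security
# admission falls back to the cluster-wide default for this namespace. Confirm
# whether a level should be pinned here.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
  name: sonataflow-operator-system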
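---
# CustomResourceDefinition for SonataFlowBuild (group sonataflow.org, version
# v1alpha08, namespaced). The controller-gen annotation below indicates the
# manifest is generated; presumably schema changes belong in the Go API types
# rather than in this file (confirm against the project's build).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: sonataflowbuilds.sonataflow.org
spec:
  group: sonataflow.org
  names:
    kind: SonataFlowBuild
    listKind: SonataFlowBuildList
    plural: sonataflowbuilds
    # Aliases accepted by kubectl in place of the plural name.
    shortNames:
    - sfb
    - sfbuild
    - sfbuilds
    singular: sonataflowbuild
  scope: Namespaced
  versions:
  # Extra columns printed by `kubectl get`, both read from .status.
  - additionalPrinterColumns:
    - jsonPath: .status.imageTag
      name: Image
      type: string
    - jsonPath: .status.buildPhase
      name: Phase
      type: string
    name: v1alpha08
    schema:
      openAPIV3Schema:
        description: SonataFlowBuild is an internal custom resource to control workflow
          build instances in the target platform
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: SonataFlowBuildSpec define the desired state of th SonataFlowBuild.
            properties:
              # NOTE(review): free-form strings with no pattern, length or item
              # limit. Per the description they are sent to the internal builder
              # command, so create/update rights on this resource should be
              # limited to trusted principals through RBAC.
              arguments:
                description: 'Arguments lists the command line arguments to send to
                  the internal builder command. Depending on the build method you
                  might set this attribute instead of BuildArgs. For example: ".spec.arguments=verbose=3".
                  Please see the SonataFlow guides.'
                items:
                  type: string
                type: array
              # List of core/v1 EnvVar entries used as build arguments.
              # NOTE(review): valueFrom.secretKeyRef is accepted here. If the
              # builder forwards these as Docker ARG values, as the description
              # suggests, they may be recorded in image metadata. Avoid sourcing
              # credentials through build arguments, and confirm how the
              # builder handles them.
              buildArgs:
                description: Optional build arguments that can be set to the internal
                  build (e.g. Docker ARG)
                items:
                  description: EnvVar represents an environment variable present in
                    a Container.
                  properties:
                    name:
                      description: Name of the environment variable. Must be a C_IDENTIFIER.
                      type: string
                    value:
                      description: 'Variable references $(VAR_NAME) are expanded using
                        the previously defined environment variables in the container
                        and any service environment variables. If a variable cannot
                        be resolved, the reference in the input string will be unchanged.
                        Double $$ are reduced to a single $, which allows for escaping
                        the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
                        string literal "$(VAR_NAME)". Escaped references will never
                        be expanded, regardless of whether the variable exists or
                        not. Defaults to "".'
                      type: string
                    valueFrom:
                      description: Source for the environment variable's value. Cannot
                        be used if value is not empty.
                      properties:
                        configMapKeyRef:
                          description: Selects a key of a ConfigMap.
                          properties:
                            key:
                              description: The key to select.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
                                must be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        fieldRef:
                          description: 'Selects a field of the pod: supports metadata.name,
                            metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                            spec.nodeName, spec.serviceAccountName, status.hostIP,
                            status.podIP, status.podIPs.'
                          properties:
                            apiVersion:
                              description: Version of the schema the FieldPath is
                                written in terms of, defaults to "v1".
                              type: string
                            fieldPath:
                              description: Path of the field to select in the specified
                                API version.
                              type: string
                          required:
                          - fieldPath
                          type: object
                          x-kubernetes-map-type: atomic
                        resourceFieldRef:
                          description: 'Selects a resource of the container: only
                            resources limits and requests (limits.cpu, limits.memory,
                            limits.ephemeral-storage, requests.cpu, requests.memory
                            and requests.ephemeral-storage) are currently supported.'
                          properties:
                            containerName:
                              description: 'Container name: required for volumes,
                                optional for env vars'
                              type: string
                            divisor:
                              anyOf:
                              - type: integer
                              - type: string
                              description: Specifies the output format of the exposed
                                resources, defaults to "1"
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            resource:
                              description: 'Required: resource to select'
                              type: string
                          required:
                          - resource
                          type: object
                          x-kubernetes-map-type: atomic
                        secretKeyRef:
                          description: Selects a key of a secret in the pod's namespace
                          properties:
                            key:
                              description: The key of the secret to select from. Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                  required:
                  - name
                  type: object
                type: array
              # Same EnvVar item schema as buildArgs, applied as environment
              # variables of the internal build.
              envs:
                description: Optional environment variables to add to the internal
                  build
                items:
                  description: EnvVar represents an environment variable present in
                    a Container.
                  properties:
                    name:
                      description: Name of the environment variable. Must be a C_IDENTIFIER.
                      type: string
                    value:
                      description: 'Variable references $(VAR_NAME) are expanded using
                        the previously defined environment variables in the container
                        and any service environment variables. If a variable cannot
                        be resolved, the reference in the input string will be unchanged.
                        Double $$ are reduced to a single $, which allows for escaping
                        the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
                        string literal "$(VAR_NAME)". Escaped references will never
                        be expanded, regardless of whether the variable exists or
                        not. Defaults to "".'
                      type: string
                    valueFrom:
                      description: Source for the environment variable's value. Cannot
                        be used if value is not empty.
                      properties:
                        configMapKeyRef:
                          description: Selects a key of a ConfigMap.
                          properties:
                            key:
                              description: The key to select.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
                                must be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        fieldRef:
                          description: 'Selects a field of the pod: supports metadata.name,
                            metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                            spec.nodeName, spec.serviceAccountName, status.hostIP,
                            status.podIP, status.podIPs.'
                          properties:
                            apiVersion:
                              description: Version of the schema the FieldPath is
                                written in terms of, defaults to "v1".
                              type: string
                            fieldPath:
                              description: Path of the field to select in the specified
                                API version.
                              type: string
                          required:
                          - fieldPath
                          type: object
                          x-kubernetes-map-type: atomic
                        resourceFieldRef:
                          description: 'Selects a resource of the container: only
                            resources limits and requests (limits.cpu, limits.memory,
                            limits.ephemeral-storage, requests.cpu, requests.memory
                            and requests.ephemeral-storage) are currently supported.'
                          properties:
                            containerName:
                              description: 'Container name: required for volumes,
                                optional for env vars'
                              type: string
                            divisor:
                              anyOf:
                              - type: integer
                              - type: string
                              description: Specifies the output format of the exposed
                                resources, defaults to "1"
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            resource:
                              description: 'Required: resource to select'
                              type: string
                          required:
                          - resource
                          type: object
                          x-kubernetes-map-type: atomic
                        secretKeyRef:
                          description: Selects a key of a secret in the pod's namespace
                          properties:
                            key:
                              description: The key of the secret to select from. Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
                                be defined
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      type: object
                  required:
                  - name
                  type: object
                type: array
              # Compute requests/limits for the builder. The field is optional
              # and the schema sets no default, so a build without it carries
              # no limits from this resource.
              resources:
                description: Resources optional compute resource requirements for
                  the builder
                properties:
                  claims:
                    description: "Claims lists the names of resources, defined in
                      spec.resourceClaims, that are used by this container. \n This
                      is an alpha field and requires enabling the DynamicResourceAllocation
                      feature gate. \n This field is immutable. It can only be set
                      for containers."
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                      properties:
                        name:
                          description: Name must match the name of one entry in pod.spec.resourceClaims
                            of the Pod where this field is used. It makes that resource
                            available inside a container.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                    x-kubernetes-list-map-keys:
                    - name
                    x-kubernetes-list-type: map
                  limits:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Limits describes the maximum amount of compute resources
                      allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                    type: object
                  requests:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Requests describes the minimum amount of compute
                      resources required. If Requests is omitted for a container,
                      it defaults to Limits if that is explicitly specified, otherwise
                      to an implementation-defined value. Requests cannot exceed Limits.
                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                    type: object
                type: object
              timeout:
                description: Timeout defines the Build maximum execution duration.
                  The Build deadline is set to the Build start time plus the Timeout
                  duration. If the Build deadline is exceeded, the Build context is
                  canceled, and its phase set to BuildPhaseFailed.
                format: duration
                type: string
            type: object
          status:
            description: SonataFlowBuildStatus defines the observed state of SonataFlowBuild
            properties:
              buildPhase:
                description: BuildPhase Current phase of the build
                type: string
              error:
                description: Error Last error found during build
                type: string
              imageTag:
                description: ImageTag The final image tag produced by this build instance
                type: string
              # x-kubernetes-preserve-unknown-fields turns off pruning for this
              # subtree, so any JSON object placed here is stored as submitted.
              # The status subresource is enabled for this version, so writes
              # need rights on sonataflowbuilds/status.
              innerBuild:
                description: InnerBuild is a reference to an internal build object,
                  which can be anything known only to internal builders.
                type: object
                x-kubernetes-preserve-unknown-fields: true
            type: object
        type: object
    served: true
    storage: true
    # Exposes /status as a separate endpoint, which lets RBAC grant status
    # writes independently of spec writes.
    subresources:
      status: {}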
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| controller-gen.kubebuilder.io/version: v0.9.2 |
| creationTimestamp: null |
| name: sonataflowplatforms.sonataflow.org |
| spec: |
| group: sonataflow.org |
| names: |
| kind: SonataFlowPlatform |
| listKind: SonataFlowPlatformList |
| plural: sonataflowplatforms |
| shortNames: |
| - sfp |
| - sfplatform |
| - sfplatforms |
| singular: sonataflowplatform |
| scope: Namespaced |
| versions: |
| - additionalPrinterColumns: |
| - jsonPath: .status.cluster |
| name: Cluster |
| type: string |
| - jsonPath: .status.conditions[?(@.type=='Succeed')].status |
| name: Ready |
| type: string |
| - jsonPath: .status.conditions[?(@.type=='Succeed')].reason |
| name: Reason |
| type: string |
| name: v1alpha08 |
| schema: |
| openAPIV3Schema: |
| description: SonataFlowPlatform is the descriptor for the workflow platform |
| infrastructure. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: SonataFlowPlatformSpec defines the desired state of SonataFlowPlatform |
| properties: |
| build: |
| description: Build Attributes for building workflows in the target |
| platform |
| properties: |
| config: |
| description: Describes the platform configuration for building |
| workflows. |
| properties: |
| baseImage: |
| description: a base image that can be used as base layer for |
| all images. It can be useful if you want to provide some |
| custom base image with further utility software |
| type: string |
| registry: |
| description: Registry the registry where to publish the built |
| image |
| properties: |
| address: |
| description: the URI to access |
| type: string |
| ca: |
| description: the configmap which stores the Certificate |
| Authority |
| type: string |
| insecure: |
| description: if the container registry is insecure (ie, |
| http only) |
| type: boolean |
| organization: |
| description: the registry organization |
| type: string |
| secret: |
| description: the secret where credentials are stored |
| type: string |
| type: object |
| strategy: |
| description: BuildStrategy to use to build workflows in the |
| platform. Usually, the operator elect the strategy based |
| on the platform. Note that this field might be read only |
| in certain scenarios. |
| type: string |
| strategyOptions: |
| additionalProperties: |
| type: string |
| description: BuildStrategyOptions additional options to add |
| to the build strategy. See https://sonataflow.org/serverlessworkflow/main/cloud/operator/build-and-deploy-workflows.html |
| type: object |
| timeout: |
| description: how much time to wait before time out the build |
| process |
| type: string |
| type: object |
| template: |
| description: Describes a build template for building workflows. |
| Base for the internal SonataFlowBuild resource. |
| properties: |
| arguments: |
| description: 'Arguments lists the command line arguments to |
| send to the internal builder command. Depending on the build |
| method you might set this attribute instead of BuildArgs. |
| For example: ".spec.arguments=verbose=3". Please see the |
| SonataFlow guides.' |
| items: |
| type: string |
| type: array |
| buildArgs: |
| description: Optional build arguments that can be set to the |
| internal build (e.g. Docker ARG) |
| items: |
| description: EnvVar represents an environment variable present |
| in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are expanded |
| using the previously defined environment variables |
| in the container and any service environment variables. |
| If a variable cannot be resolved, the reference in |
| the input string will be unchanged. Double $$ are |
| reduced to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's value. |
| Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the pod's |
| namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its |
| key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envs: |
| description: Optional environment variables to add to the |
| internal build |
| items: |
| description: EnvVar represents an environment variable present |
| in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are expanded |
| using the previously defined environment variables |
| in the container and any service environment variables. |
| If a variable cannot be resolved, the reference in |
| the input string will be unchanged. Double $$ are |
| reduced to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's value. |
| Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the pod's |
| namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its |
| key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| resources: |
| description: Resources optional compute resource requirements |
| for the builder |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| timeout: |
| description: Timeout defines the Build maximum execution duration. |
| The Build deadline is set to the Build start time plus the |
| Timeout duration. If the Build deadline is exceeded, the |
| Build context is canceled, and its phase set to BuildPhaseFailed. |
| format: duration |
| type: string |
| type: object |
| type: object |
| devMode: |
| description: DevMode Attributes for running workflows in devmode (immutable, |
| no build required) |
| properties: |
| baseImage: |
| description: Base image to run the Workflow in dev mode instead |
| of the operator's default. |
| type: string |
| type: object |
| services: |
| description: 'Services attributes for deploying supporting applications |
| like Data Index. Only workflows with the proper annotation will |
| be configured to use these service(s). `sonataflow.org/profile: |
| prod`' |
| properties: |
| dataIndex: |
| description: Deploys the Data Index service for use by "prod" |
| profile workflows. |
| properties: |
| enabled: |
| description: Determines whether "prod" profile workflows should |
| be configured to use this service |
| type: boolean |
| persistence: |
| description: Persists service to a datasource of choice. Ephemeral |
| by default. |
| maxProperties: 1 |
| properties: |
| postgresql: |
| description: Connect configured services to a postgresql |
| database. |
| maxProperties: 2 |
| minProperties: 2 |
| properties: |
| jdbcUrl: |
| description: PostgreSql JDBC URL. Mutually exclusive |
| to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service" |
| type: string |
| secretRef: |
| description: Secret reference to the database user |
| credentials |
| properties: |
| name: |
| description: Name of the postgresql credentials |
| secret. |
| type: string |
| passwordKey: |
| description: Defaults to POSTGRESQL_PASSWORD |
| type: string |
| userKey: |
| description: Defaults to POSTGRESQL_USER |
| type: string |
| required: |
| - name |
| type: object |
| serviceRef: |
| description: Service reference to postgresql datasource. |
| Mutually exclusive to jdbcUrl. |
| properties: |
| databaseName: |
| description: Name of postgresql database to be |
| used. Defaults to "sonataflow" |
| type: string |
| databaseSchema: |
| description: Schema of postgresql database to |
| be used. Defaults to "data-index-service" |
| type: string |
| name: |
| description: Name of the postgresql k8s service. |
| type: string |
| namespace: |
| description: Namespace of the postgresql k8s service. |
| Defaults to the SonataFlowPlatform's local namespace. |
| type: string |
| port: |
| description: Port to use when connecting to the |
| postgresql k8s service. Defaults to 5432. |
| type: integer |
| required: |
| - name |
| type: object |
| required: |
| - secretRef |
| type: object |
| type: object |
| podTemplate: |
| description: PodTemplate describes the deployment details |
| of this platform service instance. |
| properties: |
| activeDeadlineSeconds: |
| description: Optional duration in seconds the pod may |
| be active on the node relative to StartTime before the |
| system will actively try to mark it failed and kill |
| associated containers. Value must be a positive integer. |
| format: int64 |
| type: integer |
| affinity: |
| description: If specified, the pod's scheduling constraints |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules |
| for the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node matches |
| the corresponding matchExpressions; the node(s) |
| with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term |
| matches all objects with implicit weight 0 |
| (i.e. it's a no-op). A null preferred scheduling |
| term matches no objects (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated |
| with the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist. Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching |
| the corresponding nodeSelectorTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to an update), the system |
| may or may not try to eventually evict the pod |
| from its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector |
| terms. The terms are ORed. |
| items: |
| description: A null or empty node selector |
| term matches no objects. The requirements |
| of them are ANDed. The TopologySelectorTerm |
| type implements a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules |
| (e.g. co-locate this pod in the same node, zone, |
| etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node has |
| pods which matches the corresponding podAffinityTerm; |
| the node(s) with the highest sum are the most |
| preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to a pod label update), |
| the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling |
| rules (e.g. avoid putting this pod in the same node, |
| zone, etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the anti-affinity |
| expressions specified by this field, but it |
| may choose a node that violates one or more |
| of the expressions. The node that is most preferred |
| is the one with the greatest sum of weights, |
| i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| anti-affinity expressions, etc.), compute a |
| sum by iterating through the elements of this |
| field and adding "weight" to the sum if the |
| node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest |
| sum are the most preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements |
| specified by this field are not met at scheduling |
| time, the pod will not be scheduled onto the |
| node. If the anti-affinity requirements specified |
| by this field cease to be met at some point |
| during pod execution (e.g. due to a pod label |
| update), the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
| # NOTE(review): no `default` is declared for this boolean, so an omitted value stays unset. |
| # In core Kubernetes an unset value normally results in the service account token being |
| # mounted unless the ServiceAccount itself opts out; presumably the operator copies this |
| # field into the pod template - confirm. Set it to false for workflows that never call |
| # the Kubernetes API. |
| automountServiceAccountToken: |
| description: AutomountServiceAccountToken indicates whether |
| a service account token should be automatically mounted. |
| type: boolean |
| container: |
| description: Container is the Kubernetes container where |
| the application should run. One can change this attribute |
| in order to override the defaults provided by the operator. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Cannot be updated. |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| # NOTE(review): the schema only requires an array of strings here. Together with the |
| # sibling `args` and `image` fields this lets whoever can create or edit the resource |
| # choose what runs in the container, so write access to this custom resource should be |
| # granted as carefully as permission to create pods (assumes the operator applies these |
| # overrides to the workload it generates - confirm). |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. |
| If a variable cannot be resolved, the reference |
| in the input string will be unchanged. Double $$ |
| are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Cannot be updated. |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| # NOTE(review): a literal value is stored as plain text in the custom resource, so it is |
| # visible to anyone who can read that resource. Keep credentials out of this field and |
| # reference them through the sibling valueFrom.secretKeyRef instead. |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a variable |
| cannot be resolved, the reference in the input |
| string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, |
| regardless of whether the variable exists |
| or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and requests |
| (limits.cpu, limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults |
| to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will take |
| precedence. Values defined by an Env with a duplicate |
| key will take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag |
| is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. |
| Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the |
| working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to explicitly |
| call out to that shell. Exit status |
| of 0 is treated as live/healthy and |
| non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a |
| custom header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names |
| will be understood as the same |
| header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and is kept |
| only for backward compatibility. There is |
| no validation of this field, and lifecycle |
| hooks will fail at runtime when a tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the |
| handler, the container will eventually terminate |
| within the Pod''s termination grace period (unless |
| delayed by finalizers). Other management of |
| the container blocks until the hook completes |
| or until the termination grace period is reached. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the |
| working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to explicitly |
| call out to that shell. Exit status |
| of 0 is treated as live/healthy and |
| non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a |
| custom header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names |
| will be understood as the same |
| header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and is kept |
| only for backward compatibility. There is |
| no validation of this field, and lifecycle |
| hooks will fail at runtime when a tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be a non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying this |
| array with strategic merge patch may corrupt the |
| data. For more information, see https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid port |
| number, 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port |
| in a pod must have a unique name. Name for |
| the port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before the probe is initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be a non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it |
| defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It |
| can only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of |
| one entry in pod.spec.resourceClaims of |
| the Pod where this field is used. It makes |
| that resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| whether the no_new_privs flag will be set on the |
| container process. AllowPrivilegeEscalation |
| is always true when the container: 1) is run |
| as Privileged, or 2) has CAP_SYS_ADMIN. Note that |
| this field cannot be set when spec.os.name is |
| windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represents a POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represents a POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set when |
| spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified |
| in SecurityContext takes precedence. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to be used by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a |
| profile defined in a file on the node should |
| be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be set |
| if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of |
| seccomp profile will be applied. Valid options |
| are: \n Localhost - a profile defined in |
| a file on the node should be used. RuntimeDefault |
| - the container runtime default profile |
| should be used. Unconfined - no profile |
| should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| This field is alpha-level and will only |
| be honored by components that enable the |
| WindowsHostProcessContainers feature flag. |
| Setting this field without the feature flag |
| will result in errors when validating the |
| Pod. All of a Pod's containers must have |
| the same effective HostProcess value (it |
| is not allowed to have a mix of HostProcess |
| containers and non-HostProcess containers). In |
| addition, if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified |
| in SecurityContext takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no other |
| probes are executed until this completes successfully. |
| If this probe fails, the Pod will be restarted, |
| just as if the livenessProbe failed. This can be |
| used to provide different probe parameters at the |
| beginning of a Pod''s lifecycle, when it might take |
| a long time to load data or warm a cache, than during |
| steady-state operation. This cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
# host: free-form string; when unset the probe targets the pod IP (see
# description). The same field appears under the other probes and the
# lifecycle hooks in this schema.
# NOTE(review): the probe request is sent by the node agent, not by the
# container, so a non-empty host directs node-originated traffic to an
# address chosen by whoever writes this resource. Consider an admission
# rule that requires the field to stay empty; use the "Host" header for
# virtual hosting, as the description suggests.
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach sessions. |
| If stdinOnce is set to true, stdin is opened on |
| container start, is empty until the first client |
| attaches to stdin, and then remains open and accepts |
| data until the client disconnects, at which time |
| stdin is closed and remains closed until the container |
| is restarted. If this flag is false, a container |
| processes that reads from stdin will never receive |
| an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final status, |
| such as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output is |
| limited to 2048 bytes or 80 lines, whichever is |
| smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of |
| a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of |
| a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
# mountPropagation: typed as a bare string (no enum), so this CRD schema
# does not check the value; unset means MountPropagationNone per the
# description.
# NOTE(review): any mode other than None shares mount events with the
# host, and Kubernetes admits Bidirectional only for privileged containers.
# Presumably the value is validated when the Pod is created -- confirm,
# and review any workload that sets this field.
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should be |
| mounted. Behaves similarly to SubPath but |
| environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| containers: |
| description: List of containers belonging to the pod. |
| Containers cannot currently be added or removed. There |
| must be at least one container in a Pod. Cannot be updated. |
| items: |
| description: A single application container that you |
| want to run within a pod. |
| properties: |
# args: list of strings passed to the entrypoint; $(VAR_NAME) references
# are expanded from the container's environment and "$$" escapes a
# literal "$" (see description).
# NOTE(review): an expanded variable becomes part of the process command
# line, which is typically easier to read (process listings, diagnostics)
# than the environment. Avoid referencing secret-bearing variables here.
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. |
| Variable references $(VAR_NAME) are expanded using |
| the container''s environment. If a variable cannot |
| be resolved, the reference in the input string |
| will be unchanged. Double $$ are reduced to a |
| single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will |
| never be expanded, regardless of whether the variable |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is |
| used if this is not provided. Variable references |
| $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment |
| variable present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a |
| variable cannot be resolved, the reference |
| in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. |
| "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable |
| exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
# secretKeyRef: reference to one key of a Secret in the pod's namespace;
# the schema requires only `key`, while `name` and `optional` are not
# required.
# NOTE(review): the resolved value becomes an environment variable of the
# container, readable by every process in it and easily captured in
# diagnostics. Prefer this reference over a literal `value` for
# credentials, and prefer a file mount where the consumer supports one.
| secretKeyRef: |
| description: Selects a key of a secret |
| in the pod's namespace |
| properties: |
| key: |
| description: The key of the secret |
| to select from. Must be a valid |
| secret key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will |
| take precedence. Values defined by an Env with |
| a duplicate key will take precedence. Cannot be |
| updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a |
| C_IDENTIFIER. |
| type: string |
# secretRef: names a Secret to use as a source of environment variables;
# the schema requires neither `name` nor `optional`.
# NOTE(review): this reference is not narrowed to a single key, so the
# container presumably receives every valid key of the Secret, including
# keys added later -- confirm against the consumer. Where only one
# value is needed, a per-key reference keeps the exposure smaller.
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
# image: unconstrained string -- the schema carries no pattern, so any
# registry, tag or digest form is accepted here.
# NOTE(review): for supply-chain integrity, reference images by digest
# (name@sha256:<digest>) and limit allowed registries with admission
# policy; a mutable tag can resolve to different content on each pull.
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
# imagePullPolicy: string with no enum in the schema; the description
# names Always, Never and IfNotPresent, defaulting to Always only when
# the :latest tag is specified.
# NOTE(review): with a mutable tag and IfNotPresent, a node can keep
# running whatever content it cached under that tag. Pin images by
# digest, or use Always where tags are expected to move.
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, |
| Never, IfNotPresent. Defaults to Always if :latest |
| tag is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system |
| should take in response to container lifecycle |
| events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for the backward compatibility. There |
| are no validation of this field and lifecycle |
| hooks will fail in runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately |
| before a container is terminated due to an |
| API request or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop |
| hook is executed. Regardless of the outcome |
| of the handler, the container will eventually |
| terminate within the Pod''s termination grace |
| period (unless delayed by finalizers). Other |
| management of the container blocks until the |
| hook completes or until the termination grace |
| period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for the backward compatibility. There |
| are no validation of this field and lifecycle |
| hooks will fail in runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as |
| a DNS_LABEL. Each container in a pod must have |
| a unique name (DNS_LABEL). Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying |
| this array with strategic merge patch may corrupt |
| the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
# hostPort: int32 with no minimum/maximum keyword; the 0 < x < 65536 range
# appears only in the description, so this CRD schema does not enforce it.
# NOTE(review): a host port publishes the container on the node's own
# address, outside Service-based exposure. The Pod Security Standards
# "baseline" profile disallows host ports unless explicitly allowed;
# keep this unset unless the workload needs it.
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid |
| port number, 0 < x < 65536. If HostNetwork |
| is specified, this must match ContainerPort. |
| Most containers do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an |
| IANA_SVC_NAME and unique within the pod. |
| Each named port in a pod must have a unique |
| name. Name for the port that can be referred |
| to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents |
| resource resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when |
| specified resource is resized. If not specified, |
| it defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this |
| container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references one |
| entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name |
| of one entry in pod.spec.resourceClaims |
| of the Pod where this field is used. |
| It makes that resource available inside |
| a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum |
| amount of compute resources required. If Requests |
| is omitted for a container, it defaults to |
| Limits if that is explicitly specified, otherwise |
| to an implementation-defined value. Requests |
| cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges |
| than its parent process. This bool directly |
| controls if the no_new_privs flag will be |
| set on the container process. AllowPrivilegeEscalation |
| is always true when the container: 1) is run |
| as Privileged, or 2) has CAP_SYS_ADMIN. Note that |
| this field cannot be set when spec.os.name |
| is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represents the POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represents the POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also |
| be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to be used by this |
| container. If seccomp options are provided |
| at both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates |
| a profile defined in a file on the node |
| should be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be |
| set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind |
| of seccomp profile will be applied. Valid |
| options are: \n Localhost - a profile |
| defined in a file on the node should be |
| used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where |
| the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a |
| container should be run as a 'Host Process' |
| container. This field is alpha-level and |
| will only be honored by components that |
| enable the WindowsHostProcessContainers |
| feature flag. Setting this field without |
| the feature flag will result in errors |
| when validating the Pod. All of a Pod's |
| containers must have the same effective |
| HostProcess value (it is not allowed to |
| have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to |
| run the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no |
| other probes are executed until this completes |
| successfully. If this probe fails, the Pod will |
| be restarted, just as if the livenessProbe failed. |
| This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it |
| might take a long time to load data or warm a |
| cache, than during steady-state operation. This |
| cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach |
| sessions. If stdinOnce is set to true, stdin is |
| opened on container start, is empty until the |
| first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, |
| at which time stdin is closed and remains closed |
| until the container is restarted. If this flag |
| is false, a container process that reads from |
| stdin will never receive an EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final |
| status, such as an assertion failure message. |
| Will be truncated by the node if greater than |
| 4096 bytes. The total message length across all |
| containers will be limited to 12kb. Defaults to |
| /dev/termination-log. Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output |
| is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be |
| true. Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block |
| devices to be used by the container. |
| items: |
| description: volumeDevice describes a mapping |
| of a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside |
| of the container that the device will be |
| mapped to. |
| type: string |
| name: |
| description: name must match the name of a |
| persistentVolumeClaim in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting |
| of a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at |
| which the volume should be mounted. Must |
| not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, |
| MountPropagationNone is used. This field |
| is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a |
| Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should |
| be mounted. Behaves similarly to SubPath |
| but environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not |
| specified, the container runtime's default will |
| be used, which might be configured in the container |
| image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| dnsConfig: |
| description: Specifies the DNS parameters of a pod. Parameters |
| specified here will be merged into the generated DNS configuration |
| based on DNSPolicy. |
| properties: |
| nameservers: |
| description: A list of DNS name server IP addresses. |
| This will be appended to the base nameservers generated |
| from DNSPolicy. Duplicated nameservers will be removed. |
| items: |
| type: string |
| type: array |
| options: |
| description: A list of DNS resolver options. This |
| will be merged with the base options generated from |
| DNSPolicy. Duplicated entries will be removed. Resolution |
| options given in Options will override those that |
| appear in the base DNSPolicy. |
| items: |
| description: PodDNSConfigOption defines DNS resolver |
| options of a pod. |
| properties: |
| name: |
| description: Required. |
| type: string |
| value: |
| type: string |
| type: object |
| type: array |
| searches: |
| description: A list of DNS search domains for host-name |
| lookup. This will be appended to the base search |
| paths generated from DNSPolicy. Duplicated search |
| paths will be removed. |
| items: |
| type: string |
| type: array |
| type: object |
| dnsPolicy: |
| description: Set DNS policy for the pod. Defaults to "ClusterFirst". |
| Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', |
| 'Default' or 'None'. DNS parameters given in DNSConfig |
| will be merged with the policy selected with DNSPolicy. |
| To have DNS options set along with hostNetwork, you |
| have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. |
| type: string |
| enableServiceLinks: |
| description: 'EnableServiceLinks indicates whether information |
| about services should be injected into pod''s environment |
| variables, matching the syntax of Docker links. Optional: |
| Defaults to true.' |
| type: boolean |
| hostAliases: |
| description: HostAliases is an optional list of hosts |
| and IPs that will be injected into the pod's hosts file |
| if specified. This is only valid for non-hostNetwork |
| pods. |
| items: |
| description: HostAlias holds the mapping between IP |
| and hostnames that will be injected as an entry in |
| the pod's hosts file. |
| properties: |
| hostnames: |
| description: Hostnames for the above IP address. |
| items: |
| type: string |
| type: array |
| ip: |
| description: IP address of the host file entry. |
| type: string |
| type: object |
| type: array |
| hostIPC: |
| description: 'Use the host''s ipc namespace. Optional: |
| Defaults to false.' |
| type: boolean |
| hostNetwork: |
| description: Host networking requested for this pod. Use |
| the host's network namespace. If this option is set, |
| the ports that will be used must be specified. Defaults |
| to false. |
| type: boolean |
| hostPID: |
| description: 'Use the host''s pid namespace. Optional: |
| Defaults to false.' |
| type: boolean |
| hostUsers: |
| description: 'Use the host''s user namespace. Optional: |
| Defaults to true. If set to true or not present, the |
| pod will be run in the host user namespace, useful for |
| when the pod needs a feature only available to the host |
| user namespace, such as loading a kernel module with |
| CAP_SYS_MODULE. When set to false, a new userns is created |
| for the pod. Setting false is useful for mitigating |
| container breakout vulnerabilities even allowing users |
| to run their containers as root without actually having |
| root privileges on the host. This field is alpha-level |
| and is only honored by servers that enable the UserNamespacesSupport |
| feature.' |
| type: boolean |
| hostname: |
| description: Specifies the hostname of the Pod. If not |
| specified, the pod's hostname will be set to a system-defined |
| value. |
| type: string |
| imagePullSecrets: |
| description: 'ImagePullSecrets is an optional list of |
| references to secrets in the same namespace to use for |
| pulling any of the images used by this PodSpec. If specified, |
| these secrets will be passed to individual puller implementations |
| for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the |
| same namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| initContainers: |
| description: 'List of initialization containers belonging |
| to the pod. Init containers are executed in order prior |
| to containers being started. If any init container fails, |
| the pod is considered to have failed and is handled |
| according to its restartPolicy. The name for an init |
| container or normal container must be unique among all |
| containers. Init containers may not have Lifecycle actions, |
| Readiness probes, Liveness probes, or Startup probes. |
| The resourceRequirements of an init container are taken |
| into account during scheduling by finding the highest |
| request/limit for each resource type, and then using |
| the max of that value or the sum of the normal containers. |
| Limits are applied to init containers in a similar fashion. |
| Init containers cannot currently be added or removed. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' |
| items: |
| description: A single application container that you |
| want to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. |
| Variable references $(VAR_NAME) are expanded using |
| the container''s environment. If a variable cannot |
| be resolved, the reference in the input string |
| will be unchanged. Double $$ are reduced to a |
| single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will |
| never be expanded, regardless of whether the variable |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is |
| used if this is not provided. Variable references |
| $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
# env: list of EnvVar entries for the container; each entry requires only
# "name". A value is given either literally ("value") or by reference
# ("valueFrom": configMapKeyRef, fieldRef, resourceFieldRef, secretKeyRef).
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment |
| variable present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
# value: literal string kept in the resource spec, so it is readable by
# anyone allowed to read this custom resource. Credentials and tokens belong
# in valueFrom.secretKeyRef rather than here.
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a |
| variable cannot be resolved, the reference |
| in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. |
| "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable |
| exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
# secretKeyRef: pulls a single key from a Secret in the pod's namespace.
# "optional" decides whether a missing Secret or key is tolerated.
# NOTE(review): the resolved value still ends up in the process environment,
# so it is visible to anything that can inspect the running container.
| secretKeyRef: |
| description: Selects a key of a secret |
| in the pod's namespace |
| properties: |
| key: |
| description: The key of the secret |
| to select from. Must be a valid |
| secret key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
# envFrom: bulk-imports the keys of a referenced ConfigMap or Secret as
# environment variables, optionally with a prefix. Per the description, on a
# duplicate key the last source wins and an explicit env entry overrides both.
# With secretRef the process receives every key of that Secret, not only the
# ones it needs; env[].valueFrom.secretKeyRef is the narrower alternative.
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will |
| take precedence. Values defined by an Env with |
| a duplicate key will take precedence. Cannot be |
| updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a |
| C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
# image: free-form string; nothing in this block requires a particular
# registry or a digest reference (name@sha256:...).
# NOTE(review): registry allow-listing, digest pinning and signature checks
# would have to be enforced by admission policy or image-verification tooling
# outside this CRD - confirm what the target cluster applies.
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
# imagePullPolicy: typed as a plain string (no enum in this block), so the
# values named in the description (Always, Never, IfNotPresent) are not
# checked by this schema.
# NOTE(review): with IfNotPresent or Never a node can keep using a cached
# image after its tag was re-pushed; pair mutable tags with Always, or pin
# the image by digest.
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, |
| Never, IfNotPresent. Defaults to Always if :latest |
| tag is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
# lifecycle: postStart and preStop hook handlers, each offering exec, httpGet
# and tcpSocket. exec.command is exec'd inside the container without a shell
# (see its description). tcpSocket is described as deprecated, unvalidated,
# and failing at runtime for lifecycle hooks.
# Port ranges quoted in the descriptions are prose only; this block declares
# no minimum/maximum for them.
| lifecycle: |
| description: Actions that the management system |
| should take in response to container lifecycle |
| events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
# httpGet.host defaults to the pod IP; any other value points the hook's
# request at a different address.
# NOTE(review): consider rejecting a non-empty host through admission policy
# unless a workload needs it - confirm against cluster policy.
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for the backward compatibility. There |
| are no validation of this field and lifecycle |
| hooks will fail in runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
# preStop mirrors postStart's handler schema; per its description the hook is
# not called when the container crashes or exits, so cleanup that matters for
# security (token revocation, lock release) should not depend on it alone.
| preStop: |
| description: 'PreStop is called immediately |
| before a container is terminated due to an |
| API request or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop |
| hook is executed. Regardless of the outcome |
| of the handler, the container will eventually |
| terminate within the Pod''s termination grace |
| period (unless delayed by finalizers). Other |
| management of the container blocks until the |
| hook completes or until the termination grace |
| period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for the backward compatibility. There |
| are no validation of this field and lifecycle |
| hooks will fail in runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
# livenessProbe: periodic liveness check; per the description the container
# is restarted when it fails. Handlers: exec, grpc, httpGet, tcpSocket.
# The numeric bounds quoted in the descriptions (port 1-65535, "Minimum value
# is 1") are prose only: this block declares type/format but no
# minimum/maximum, so this schema does not enforce them.
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
# httpGet.host defaults to the pod IP; any other value points the probe at a
# different address.
# NOTE(review): consider rejecting a non-empty host through admission policy
# unless a workload needs it - confirm against cluster policy.
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
# NOTE(review): the description below states both that zero means "stop
# immediately" and that the minimum value is 1; the schema itself sets no
# bound, so which one applies is decided elsewhere.
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
# name: container name, a plain string in this schema. The DNS_LABEL format
# and per-pod uniqueness stated in the description are not expressed as
# schema constraints in this block.
| name: |
| description: Name of the container specified as |
| a DNS_LABEL. Each container in a pod must have |
| a unique name (DNS_LABEL). Cannot be updated. |
| type: string |
# ports: list of ContainerPort entries, keyed by (containerPort, protocol).
# As the description stresses, this list is declarative only: a port that is
# left out is still reachable if the process listens on 0.0.0.0.
# NOTE(review): restricting reachability is a NetworkPolicy concern, not
# something this field provides.
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying |
| this array with strategic merge patch may corrupt |
| the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
# hostIP / hostPort bind the port on the node itself. The description notes
# most containers do not need this; the schema accepts any int32 here (the
# 0 < x < 65536 range is prose only).
# NOTE(review): host ports are commonly blocked by baseline pod security
# policy - confirm what the target namespaces enforce.
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid |
| port number, 0 < x < 65536. If HostNetwork |
| is specified, this must match ContainerPort. |
| Most containers do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an |
| IANA_SVC_NAME and unique within the pod. |
| Each named port in a pod must have a unique |
| name. Name for the port that can be referred |
| to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
# readinessProbe: periodic readiness check; per the description a failing
# container is removed from service endpoints. Handlers: exec, grpc, httpGet,
# tcpSocket.
# The numeric bounds quoted in the descriptions (port 1-65535, "Minimum value
# is 1") are prose only: this block declares type/format but no
# minimum/maximum, so this schema does not enforce them.
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
# httpGet.host defaults to the pod IP; any other value points the probe at a
# different address.
# NOTE(review): consider rejecting a non-empty host through admission policy
# unless a workload needs it - confirm against cluster policy.
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
# NOTE(review): the description text below speaks of "liveness probes"
# although this is the readiness probe; the wording appears to be shared with
# the liveness schema.
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
# NOTE(review): the description below states both that zero means "stop
# immediately" and that the minimum value is 1; the schema itself sets no
# bound, so which one applies is decided elsewhere.
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
# resizePolicy: atomic list of {resourceName, restartPolicy} entries, both
# required. The supported resource names (cpu, memory) and the NotRequired
# default are stated in the descriptions only; both fields are plain strings
# with no enum in this block.
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents |
| resource resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when |
| specified resource is resized. If not specified, |
| it defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
# resources: claims, limits and requests for the container. limits/requests
# are maps of int-or-string quantities matched against the quantity pattern.
# None of the three is marked required in this block, so a container without
# any limits passes this schema.
# NOTE(review): without limits one container can exhaust node CPU or memory;
# a namespace LimitRange / ResourceQuota is the usual backstop - confirm one
# is in place where these resources are created.
| resources: |
| description: 'Compute Resources required by this |
| container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references one |
| entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name |
| of one entry in pod.spec.resourceClaims |
| of the Pod where this field is used. |
| It makes that resource available inside |
| a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum |
| amount of compute resources required. If Requests |
| is omitted for a container, it defaults to |
| Limits if that is explicitly specified, otherwise |
| to an implementation-defined value. Requests |
| cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
# allowPrivilegeEscalation: optional boolean with no schema default. Per the
# description it controls the no_new_privs flag and is always true for
# privileged containers or ones holding CAP_SYS_ADMIN.
# NOTE(review): hardened workloads set this to false explicitly; an omitted
# field should not be read as false - confirm the effective default.
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges |
| than its parent process. This bool directly |
| controls if the no_new_privs flag will be |
| set on the container process. AllowPrivilegeEscalation |
| is true always when the container is: 1) run |
| as Privileged 2) has CAP_SYS_ADMIN Note that |
| this field cannot be set when spec.os.name |
| is windows.' |
| type: boolean |
# capabilities: add/drop lists of capability names. Both are unconstrained
# string arrays, so this schema does not limit which capabilities may be
# added.
# NOTE(review): the usual hardened form is drop: [ALL] plus the smallest add
# list the workload needs; limiting "add" is an admission-policy concern.
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
# privileged: boolean; the description equates a privileged container with
# root on the host and gives false as the default. Nothing in this schema
# forbids true, so blocking privileged containers created through this
# resource depends on admission control in the target namespace
# (NOTE(review): e.g. Pod Security Admission - confirm it is enforced).
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: boolean |
# procMount: plain string (no enum here). Per the description the default,
# DefaultProcMount, keeps the runtime's read-only and masked /proc paths.
# NOTE(review): a non-default value presumably relaxes that masking; treat
# it like a privileged setting and confirm policy covers it.
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
# readOnlyRootFilesystem: boolean, described as defaulting to false. Setting
# it to true removes the writable root filesystem as a place to drop or
# modify files at runtime; paths that must stay writable then need explicit
# volume mounts.
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| type: boolean |
# runAsGroup: int64 GID for the container entrypoint; the container-level
# value wins over PodSecurityContext when both are set (see description).
# No minimum is declared in this block, so 0 (the root group) is accepted.
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| format: int64 |
| type: integer |
# runAsNonRoot: boolean. Per the description, true makes the Kubelet refuse
# to start a container whose image would run as UID 0, while unset or false
# performs no such check - so leaving it out gives no protection against a
# root-by-default image.
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
# runAsUser: int64 UID for the container entrypoint; when unset the user from
# the image metadata is used (see description). No minimum is declared in
# this block, so 0 (root) is accepted; runAsNonRoot is the field that rejects
# UID 0 at start-up.
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also |
| be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
# seLinuxOptions: SELinux label parts (level, role, type, user), all optional
# free-form strings. Per the description the runtime allocates a random
# context per container when this is unspecified.
# NOTE(review): a fixed custom "type" can widen what the container may
# access; baseline policies usually restrict the accepted values - confirm.
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
# seccompProfile: container-level seccomp selection, overriding the pod-level
# one. "type" is required once this object is present, but its allowed values
# (Localhost, RuntimeDefault, Unconfined) are listed in the description only;
# the schema has no enum. Unconfined means no profile is applied.
# localhostProfile is a path relative to the kubelet's seccomp profile
# location and is meant to be set only with type "Localhost".
# NOTE(review): RuntimeDefault is the usual baseline; rejecting Unconfined is
# left to admission policy - confirm it is enforced.
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided |
| at both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates |
| a profile defined in a file on the node |
| should be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be |
| set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind |
| of seccomp profile will be applied. Valid |
| options are: \n Localhost - a profile |
| defined in a file on the node should be |
| used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where |
| the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
| # Review note: a HostProcess container runs with privileged access to the |
| # Windows node, which the Pod Security Standards baseline profile disallows. |
| # The description also ties it to HostNetwork being true. Restrict who may set |
| # this through admission policy; the same field appears again under the |
| # pod-level windowsOptions later in this schema. |
| hostProcess: |
| description: HostProcess determines if a |
| container should be run as a 'Host Process' |
| container. This field is alpha-level and |
| will only be honored by components that |
| enable the WindowsHostProcessContainers |
| feature flag. Setting this field without |
| the feature flag will result in errors |
| when validating the Pod. All of a Pod's |
| containers must have the same effective |
| HostProcess value (it is not allowed to |
| have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to |
| run the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no |
| other probes are executed until this completes |
| successfully. If this probe fails, the Pod will |
| be restarted, just as if the livenessProbe failed. |
| This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it |
| might take a long time to load data or warm a |
| cache, than during steady-state operation. This |
| cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| # NOTE(review): the description says the value may be zero ("stop immediately") |
| # and also "Minimum value is 1". The schema below declares only an int64 |
| # integer with no minimum, so neither bound is enforced here - confirm which |
| # one pod validation applies. |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach |
| sessions. If stdinOnce is set to true, stdin is |
| opened on container start, is empty until the |
| first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, |
| at which time stdin is closed and remains closed |
| until the container is restarted. If this flag |
| is false, a container process that reads from |
| stdin will never receive an EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final |
| status, such as an assertion failure message. |
| Will be truncated by the node if greater than |
| 4096 bytes. The total message length across all |
| containers will be limited to 12kb. Defaults to |
| /dev/termination-log. Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output |
| is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be |
| true. Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block |
| devices to be used by the container. |
| items: |
| description: volumeDevice describes a mapping |
| of a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside |
| of the container that the device will be |
| mapped to. |
| type: string |
| name: |
| description: name must match the name of a |
| persistentVolumeClaim in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting |
| of a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at |
| which the volume should be mounted. Must |
| not contain ':'. |
| type: string |
| # Review note: propagation "the other way around" (container to host) makes |
| # mounts created inside the container visible on the node. The value is an |
| # unconstrained string in this schema; per the description, leaving it unset |
| # selects MountPropagationNone. |
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, |
| MountPropagationNone is used. This field |
| is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a |
| Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should |
| be mounted. Behaves similarly to SubPath |
| but environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not |
| specified, the container runtime's default will |
| be used, which might be configured in the container |
| image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| nodeName: |
| description: NodeName is a request to schedule this pod |
| onto a specific node. If it is non-empty, the scheduler |
| simply schedules this pod onto that node, assuming that |
| it fits resource requirements. |
| type: string |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: 'NodeSelector is a selector which must be |
| true for the pod to fit on a node. Selector which must |
| match a node''s labels for the pod to be scheduled on |
| that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' |
| type: object |
| x-kubernetes-map-type: atomic |
| os: |
| description: "Specifies the OS of the containers in the |
| pod. Some pod and container fields are restricted if |
| this is set. \n If the OS field is set to linux, the |
| following fields must be unset: - securityContext.windowsOptions |
| \n If the OS field is set to windows, the following fields |
| must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers |
| - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile |
| - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy |
| - spec.securityContext.sysctls - spec.shareProcessNamespace |
| - spec.securityContext.runAsUser - spec.securityContext.runAsGroup |
| - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions |
| - spec.containers[*].securityContext.seccompProfile |
| - spec.containers[*].securityContext.capabilities - |
| spec.containers[*].securityContext.readOnlyRootFilesystem |
| - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation |
| - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser |
| - spec.containers[*].securityContext.runAsGroup" |
| properties: |
| name: |
| description: 'Name is the name of the operating system. |
| The currently supported values are linux and windows. |
| Additional value may be defined in future and can |
| be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration |
| Clients should expect to handle additional values |
| and treat unrecognized values in this field as os: |
| null' |
| type: string |
| required: |
| - name |
| type: object |
| overhead: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Overhead represents the resource overhead |
| associated with running a pod for a given RuntimeClass. |
| This field will be autopopulated at admission time by |
| the RuntimeClass admission controller. If the RuntimeClass |
| admission controller is enabled, overhead must not be |
| set in Pod create requests. The RuntimeClass admission |
| controller will reject Pod create requests which have |
| the overhead already set. If RuntimeClass is configured |
| and selected in the PodSpec, Overhead will be set to |
| the value defined in the corresponding RuntimeClass, |
| otherwise it will remain unset and treated as zero. |
| More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' |
| type: object |
| preemptionPolicy: |
| description: PreemptionPolicy is the Policy for preempting |
| pods with lower priority. One of Never, PreemptLowerPriority. |
| Defaults to PreemptLowerPriority if unset. |
| type: string |
| priority: |
| description: The priority value. Various system components |
| use this field to find the priority of the pod. When |
| Priority Admission Controller is enabled, it prevents |
| users from setting this field. The admission controller |
| populates this field from PriorityClassName. The higher |
| the value, the higher the priority. |
| format: int32 |
| type: integer |
| priorityClassName: |
| description: If specified, indicates the pod's priority. |
| "system-node-critical" and "system-cluster-critical" |
| are two special keywords which indicate the highest |
| priorities with the former being the highest priority. |
| Any other name must be defined by creating a PriorityClass |
| object with that name. If not specified, the pod priority |
| will be default or zero if there is no default. |
| type: string |
| readinessGates: |
| description: 'If specified, all readiness gates will be |
| evaluated for pod readiness. A pod is ready when all |
| its containers are ready AND all conditions specified |
| in the readiness gates have status equal to "True" More |
| info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' |
| items: |
| description: PodReadinessGate contains the reference |
| to a pod condition |
| properties: |
| conditionType: |
| description: ConditionType refers to a condition |
| in the pod's condition list with matching type. |
| type: string |
| required: |
| - conditionType |
| type: object |
| type: array |
| replicas: |
| format: int32 |
| type: integer |
| resourceClaims: |
| description: "ResourceClaims defines which ResourceClaims |
| must be allocated and reserved before the Pod is allowed |
| to start. The resources will be made available to those |
| containers which consume them by name. \n This is an |
| alpha field and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable." |
| items: |
| description: PodResourceClaim references exactly one |
| ResourceClaim through a ClaimSource. It adds a name |
| to it that uniquely identifies the ResourceClaim inside |
| the Pod. Containers that need access to the ResourceClaim |
| reference it with this name. |
| properties: |
| name: |
| description: Name uniquely identifies this resource |
| claim inside the pod. This must be a DNS_LABEL. |
| type: string |
| source: |
| description: Source describes where to find the |
| ResourceClaim. |
| properties: |
| resourceClaimName: |
| description: ResourceClaimName is the name of |
| a ResourceClaim object in the same namespace |
| as this pod. |
| type: string |
| resourceClaimTemplateName: |
| description: "ResourceClaimTemplateName is the |
| name of a ResourceClaimTemplate object in |
| the same namespace as this pod. \n The template |
| will be used to create a new ResourceClaim, |
| which will be bound to this pod. When this |
| pod is deleted, the ResourceClaim will also |
| be deleted. The name of the ResourceClaim |
| will be <pod name>-<resource name>, where |
| <resource name> is the PodResourceClaim.Name. |
| Pod validation will reject the pod if the |
| concatenated name is not valid for a ResourceClaim |
| (e.g. too long). \n An existing ResourceClaim |
| with that name that is not owned by the pod |
| will not be used for the pod to avoid using |
| an unrelated resource by mistake. Scheduling |
| and pod startup are then blocked until the |
| unrelated ResourceClaim is removed. \n This |
| field is immutable and no changes will be |
| made to the corresponding ResourceClaim by |
| the control plane after creating the ResourceClaim." |
| type: string |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| restartPolicy: |
| description: 'Restart policy for all containers within |
| the pod. One of Always, OnFailure, Never. In some contexts, |
| only a subset of those values may be permitted. Default |
| to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' |
| type: string |
| runtimeClassName: |
| description: 'RuntimeClassName refers to a RuntimeClass |
| object in the node.k8s.io group, which should be used |
| to run this pod. If no RuntimeClass resource matches |
| the named class, the pod will not be run. If unset or |
| empty, the "legacy" RuntimeClass will be used, which |
| is an implicit class with an empty definition that uses |
| the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' |
| type: string |
| schedulerName: |
| description: If specified, the pod will be dispatched |
| by specified scheduler. If not specified, the pod will |
| be dispatched by default scheduler. |
| type: string |
| schedulingGates: |
| description: "SchedulingGates is an opaque list of values |
| that if specified will block scheduling the pod. If |
| schedulingGates is not empty, the pod will stay in the |
| SchedulingGated state and the scheduler will not attempt |
| to schedule the pod. \n SchedulingGates can only be |
| set at pod creation time, and be removed only afterwards. |
| \n This is a beta feature enabled by the PodSchedulingReadiness |
| feature gate." |
| items: |
| description: PodSchedulingGate is associated to a Pod |
| to guard its scheduling. |
| properties: |
| name: |
| description: Name of the scheduling gate. Each scheduling |
| gate must have a unique name field. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| securityContext: |
| description: 'SecurityContext holds pod-level security |
| attributes and common container settings. Optional: |
| Defaults to empty. See type description for default |
| values of each field.' |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies |
| to all containers in a pod. Some volume types allow |
| the Kubelet to change the ownership of that volume |
| to be owned by the pod: \n 1. The owning GID will |
| be the FSGroup 2. The setgid bit is set (new files |
| created in the volume will be owned by FSGroup) |
| 3. The permission bits are OR'd with rw-rw---- \n |
| If unset, the Kubelet will not modify the ownership |
| and permissions of any volume. Note that this field |
| cannot be set when spec.os.name is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior |
| of changing ownership and permission of the volume |
| before being exposed inside Pod. This field will |
| only apply to volume types which support fsGroup |
| based ownership(and permissions). It will have no |
| effect on ephemeral volume types such as: secret, |
| configmaps and emptydir. Valid values are "OnRootMismatch" |
| and "Always". If not specified, "Always" is used. |
| Note that this field cannot be set when spec.os.name |
| is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in SecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence for |
| that container. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| # Review note: no default is declared here, and per the description an unset |
| # or false value skips the UID 0 check entirely, so an image that runs as root |
| # starts without complaint. Set this to true at pod level, and remember that a |
| # container-level SecurityContext value takes precedence over it. |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not |
| run as UID 0 (root) and fail to start the container |
| if it does. If unset or false, no such validation |
| will be performed. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified in |
| image metadata if unspecified. May also be set in |
| SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| all containers. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot |
| be set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must only be set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file on |
| the node should be used. RuntimeDefault - the |
| container runtime default profile should be |
| used. Unconfined - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first |
| process run in each container, in addition to the |
| container's primary GID, the fsGroup (if specified), |
| and group memberships defined in the container image |
| for the uid of the container process. If unspecified, |
| no additional groups are added to any container. |
| Note that group memberships defined in the container |
| image for the uid of the container process are still |
| effective, even if they are not included in this |
| list. Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| # Review note: name and value are unconstrained strings in this schema, so |
| # nothing here limits which kernel parameters a pod may request. Which sysctls |
| # are actually permitted is decided outside this CRD (kubelet configuration |
| # and admission policy) - confirm the cluster rejects unsafe ones. |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls |
| used for the pod. Pods with unsupported sysctls |
| (by the container runtime) might fail to launch. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| description: Sysctl defines a kernel parameter to |
| be set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options within |
| a container's SecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| This field is alpha-level and will only be honored |
| by components that enable the WindowsHostProcessContainers |
| feature flag. Setting this field without the |
| feature flag will result in errors when validating |
| the Pod. All of a Pod's containers must have |
| the same effective HostProcess value (it is |
| not allowed to have a mix of HostProcess containers |
| and non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the |
| entrypoint of the container process. Defaults |
| to the user specified in image metadata if unspecified. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| # Review note: the pod runs with this ServiceAccount's API permissions. Use a |
| # dedicated account bound to the minimum RBAC roles the workload needs rather |
| # than a shared or broadly privileged one. |
| serviceAccountName: |
| description: 'ServiceAccountName is the name of the ServiceAccount |
| to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' |
| type: string |
| setHostnameAsFQDN: |
| description: If true the pod's hostname will be configured |
| as the pod's FQDN, rather than the leaf name (the default). |
| In Linux containers, this means setting the FQDN in |
| the hostname field of the kernel (the nodename field |
| of struct utsname). In Windows containers, this means |
| setting the registry value of hostname for the registry |
| key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters |
| to FQDN. If a pod does not have FQDN, this has no effect. |
| Default to false. |
| type: boolean |
| # Review note: enabling this removes process isolation between the pod's |
| # containers - each can view and signal the others' processes, as the |
| # description states. Leave it false unless a sidecar genuinely needs it. |
| shareProcessNamespace: |
| description: 'Share a single process namespace between |
| all of the containers in a pod. When this is set containers |
| will be able to view and signal processes from other |
| containers in the same pod, and the first process in |
| each container will not be assigned PID 1. HostPID and |
| ShareProcessNamespace cannot both be set. Optional: |
| Default to false.' |
| type: boolean |
| subdomain: |
| description: If specified, the fully qualified Pod hostname |
| will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster |
| domain>". If not specified, the pod will not have a |
| domainname at all. |
| type: string |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully. May be decreased in delete |
| request. Value must be non-negative integer. The value |
| zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). If this value is nil, |
| the default grace period will be used instead. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. Defaults to 30 seconds. |
| format: int64 |
| type: integer |
| tolerations: |
| description: If specified, the pod's tolerations. |
| items: |
| description: The pod this Toleration is attached to |
| tolerates any taint that matches the triple <key,value,effect> |
| using the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to |
| match. Empty means match all taint effects. When |
| specified, allowed values are NoSchedule, PreferNoSchedule |
| and NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration |
| applies to. Empty means match all taint keys. |
| If the key is empty, operator must be Exists; |
| this combination means to match all values and |
| all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship |
| to the value. Valid operators are Exists and Equal. |
| Defaults to Equal. Exists is equivalent to wildcard |
| for value, so that a pod can tolerate all taints |
| of a particular category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period |
| of time the toleration (which must be of effect |
| NoExecute, otherwise this field is ignored) tolerates |
| the taint. By default, it is not set, which means |
| tolerate the taint forever (do not evict). Zero |
| and negative values will be treated as 0 (evict |
| immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration |
| matches to. If the operator is Exists, the value |
| should be empty, otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: TopologySpreadConstraints describes how a |
| group of pods ought to spread across topology domains. |
| Scheduler will schedule pods in a way which abides by |
| the constraints. All topologySpreadConstraints are ANDed. |
| items: |
| description: TopologySpreadConstraint specifies how |
| to spread matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching |
| pods. Pods that match this label selector are |
| counted to determine the number of pods in their |
| corresponding topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label |
| keys to select the pods over which spreading will |
| be calculated. The keys are used to lookup values |
| from the incoming pod labels, those key-value |
| labels are ANDed with labelSelector to select |
| the group of existing pods over which spreading |
| will be calculated for the incoming pod. The same |
| key is forbidden to exist in both MatchLabelKeys |
| and LabelSelector. MatchLabelKeys cannot be set |
| when LabelSelector isn't set. Keys that don't |
| exist in the incoming pod labels will be ignored. |
| A null or empty list means only match against |
| labelSelector. \n This is a beta field and requires |
| the MatchLabelKeysInPodTopologySpread feature |
| gate to be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which |
| pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between |
| the number of matching pods in the target topology |
| and the global minimum. The global minimum is |
| the minimum number of matching pods in an eligible |
| domain or zero if the number of eligible domains |
| is less than MinDomains. For example, in a 3-zone |
| cluster, MaxSkew is set to 1, and pods with the |
| same labelSelector spread as 2/2/1: In this case, |
| the global minimum is 1. | zone1 | zone2 | zone3 |
| | | P P | P P | P | - if MaxSkew is 1, |
| incoming pod can only be scheduled to zone3 to |
| become 2/2/2; scheduling it onto zone1(zone2) |
| would make the ActualSkew(3-1) on zone1(zone2) |
| violate MaxSkew(1). - if MaxSkew is 2, incoming |
| pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies |
| that satisfy it. It''s a required field. Default |
| value is 1 and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number |
| of eligible domains. When the number of eligible |
| domains with matching topology keys is less than |
| minDomains, Pod Topology Spread treats \"global |
| minimum\" as 0, and then the calculation of Skew |
| is performed. And when the number of eligible |
| domains with matching topology keys equals or |
| greater than minDomains, this value has no effect |
| on scheduling. As a result, when the number of |
| eligible domains is less than minDomains, scheduler |
| won't schedule more than maxSkew Pods to those |
| domains. If value is nil, the constraint behaves |
| as if MinDomains is equal to 1. Valid values are |
| integers greater than 0. When value is not nil, |
| WhenUnsatisfiable must be DoNotSchedule. \n For |
| example, in a 3-zone cluster, MaxSkew is set to |
| 2, MinDomains is set to 5 and pods with the same |
| labelSelector spread as 2/2/2: | zone1 | zone2 |
| | zone3 | | P P | P P | P P | The number |
| of domains is less than 5(MinDomains), so \"global |
| minimum\" is treated as 0. In this situation, |
| new pod with the same labelSelector cannot be |
| scheduled, because computed skew will be 3(3 - |
| 0) if new Pod is scheduled to any of the three |
| zones, it will violate MaxSkew. \n This is a beta |
| field and requires the MinDomainsInPodTopologySpread |
| feature gate to be enabled (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we |
| will treat Pod's nodeAffinity/nodeSelector when |
| calculating pod topology spread skew. Options |
| are: - Honor: only nodes matching nodeAffinity/nodeSelector |
| are included in the calculations. - Ignore: nodeAffinity/nodeSelector |
| are ignored. All nodes are included in the calculations. |
| \n If this value is nil, the behavior is equivalent |
| to the Honor policy. This is a beta-level feature |
| default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we |
| will treat node taints when calculating pod topology |
| spread skew. Options are: - Honor: nodes without |
| taints, along with tainted nodes for which the |
| incoming pod has a toleration, are included. - |
| Ignore: node taints are ignored. All nodes are |
| included. \n If this value is nil, the behavior |
| is equivalent to the Ignore policy. This is a |
| beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. |
| Nodes that have a label with this key and identical |
| values are considered to be in the same topology. |
| We consider each <key, value> as a "bucket", and |
| try to put balanced number of pods into each bucket. |
| We define a domain as a particular instance of |
| a topology. Also, we define an eligible domain |
| as a domain whose nodes meet the requirements |
| of nodeAffinityPolicy and nodeTaintsPolicy. e.g. |
| If TopologyKey is "kubernetes.io/hostname", each |
| Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is |
| a domain of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to |
| deal with a pod if it doesn''t satisfy the spread |
| constraint. - DoNotSchedule (default) tells the |
| scheduler not to schedule it. - ScheduleAnyway |
| tells the scheduler to schedule the pod in any |
| location, but giving higher precedence to topologies |
| that would help reduce the skew. A constraint |
| is considered "Unsatisfiable" for an incoming |
| pod if and only if every possible node assignment |
| for that pod would violate "MaxSkew" on some topology. |
| For example, in a 3-zone cluster, MaxSkew is set |
| to 1, and pods with the same labelSelector spread |
| as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | |
| If WhenUnsatisfiable is set to DoNotSchedule, |
| incoming pod can only be scheduled to zone2(zone3) |
| to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) |
| satisfies MaxSkew(1). In other words, the cluster |
| can still be imbalanced, but scheduler won''t |
| make it *more* imbalanced. It''s a required field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - topologyKey |
| - whenUnsatisfiable |
| x-kubernetes-list-type: map |
| volumes: |
| description: 'List of volumes that can be mounted by containers |
| belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' |
| items: |
| description: Volume represents a named volume in a pod |
| that may be accessed by any container in the pod. |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an |
| AWS Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force |
| the readOnly setting in VolumeMounts. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data |
| Disk mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching |
| mode: None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data |
| disk in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk |
| in the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: |
| multiple blob disks per storage account; Dedicated: |
| single blob disk per storage account; Managed: |
| azure managed data disk (only in managed availability |
| set). Defaults to Shared.' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File |
| Service mount on the host and bind mount to the |
| pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret |
| that contains Azure Storage Account Name and |
| Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on |
| the host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors |
| is a collection of Ceph monitors. More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the |
| mounted root, rather than the full Ceph tree, |
| default is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts. |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default |
| is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef |
| is reference to the authentication secret |
| for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the |
| rados user name, default is admin. More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume |
| attached and mounted on kubelets host machine. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points |
| to a secret object containing parameters used |
| to connect to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the |
| volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that |
| should populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the ConfigMap, the |
| volume setup will error unless it is marked |
| optional. Paths must be relative and may not |
| contain the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specifies whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your |
| admin for the correct name as registered in |
| the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is |
| passed to the associated CSI driver which |
| will determine the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive |
| information to pass to the CSI driver to complete |
| the CSI NodePublishVolume and NodeUnpublishVolume |
| calls. This field is optional, and may be |
| empty if no secret is required. If the secret |
| object contains more than one secret, all |
| secret references are passed. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only |
| configuration for the volume. Defaults to |
| false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API |
| about the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits used to set |
| permissions on created files by default. Must |
| be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API |
| volume file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field |
| of the pod: only annotations, labels, |
| name and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used |
| to set permissions on this file, must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. |
| YAML accepts both octal and decimal |
| values, JSON requires decimal values |
| for mode bits. If not specified, the |
| volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. |
| Must not be absolute or contain the |
| ''..'' path. Must be utf-8 encoded. |
| The first item of the relative path |
| must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| requests.cpu and requests.memory) are |
| currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of |
| storage medium should back this directory. |
| The default is "" which means to use the node''s |
| default medium. Must be an empty string (default) |
| or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount |
| of local storage required for this EmptyDir |
| volume. The size limit is also applicable |
| for memory medium. The maximum usage on memory |
| medium EmptyDir would be the minimum value |
| between the SizeLimit specified here and the |
| sum of memory limits of all containers in |
| a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that |
| is handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - |
| it will be created before the pod starts, and |
| deleted when the pod is removed. \n Use this if: |
| a) the volume is only needed while the pod runs, |
| b) features of normal volumes like restoring from |
| snapshot or capacity tracking are needed, c) the |
| storage driver is specified through a storage |
| class, and d) the storage driver supports dynamic |
| volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information |
| on the connection between this volume type and |
| PersistentVolumeClaim). \n Use PersistentVolumeClaim |
| or one of the vendor-specific APIs for volumes |
| that persist for longer than the lifecycle of |
| an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of |
| the driver for more information. \n A pod can |
| use both types of ephemeral volumes and persistent |
| volumes at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will |
| be the owner of the PVC, i.e. the PVC will |
| be deleted together with the pod. The name |
| of the PVC will be `<pod name>-<volume name>` |
| where `<volume name>` is the name from the |
| `PodSpec.Volumes` array entry. Pod validation |
| will reject the pod if the concatenated name |
| is not valid for a PVC (for example, too long). |
| \n An existing PVC with that name that is |
| not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume |
| by mistake. Starting the pod is then blocked |
| until the unrelated PVC is removed. If such |
| a pre-created PVC is meant to be used by the |
| pod, the PVC has to be updated with an owner |
| reference to the pod once the pod exists. |
| Normally this should not be necessary, but |
| it may be useful when manually reconstructing |
| a broken cluster. \n This field is read-only |
| and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when |
| creating it. No other fields are allowed |
| and will be rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged |
| into the PVC that gets created from this |
| template. The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the |
| desired access modes the volume should |
| have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be |
| used to specify either: * An existing |
| VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external |
| controller can support the specified |
| data source, it will create a new |
| volume based on the contents of the |
| specified data source. When the AnyVolumeDataSource |
| feature gate is enabled, dataSource |
| contents will be copied to dataSourceRef, |
| and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace |
| is specified, then dataSourceRef will |
| not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies |
| the object from which to populate |
| the volume with data, if a non-empty |
| volume is desired. This may be any |
| object from a non-empty API group |
| (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if |
| the type of the specified object matches |
| some installed volume populator or |
| dynamic provisioner. This field will |
| replace the functionality of the dataSource |
| field and as such if both fields are |
| non-empty, they must have the same |
| value. For backwards compatibility, |
| when namespace isn''t specified in |
| dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to |
| the same value automatically if one |
| of them is empty and the other is |
| non-empty. When namespace is specified |
| in dataSourceRef, dataSource isn''t |
| set to the same value and must be |
| empty. There are three important differences |
| between dataSource and dataSourceRef: |
| * While dataSource only allows two |
| specific types of objects, dataSourceRef |
| allows any non-core object, as well |
| as PersistentVolumeClaim objects. |
| * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates |
| an error if a disallowed value is |
| specified. * While dataSource only |
| allows local objects, dataSourceRef |
| allows objects in any namespaces. |
| (Beta) Using this field requires the |
| AnyVolumeDataSource feature gate to |
| be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the |
| CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced. Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. |
| See the ReferenceGrant documentation |
| for details. (Alpha) This field |
| requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the |
| minimum resources the volume should |
| have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed |
| to specify resource requirements that |
| are lower than previous value but |
| must still be higher than capacity |
| recorded in the status field of the |
| claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. |
| \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is |
| immutable. It can only be set |
| for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match |
| the name of one entry in |
| pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the |
| maximum amount of compute resources |
| allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes |
| the minimum amount of compute |
| resources required. If Requests |
| is omitted for a container, it |
| defaults to Limits if that is |
| explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query |
| over volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the |
| name of the StorageClass required |
| by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what |
| type of volume is required by the |
| claim. Value of Filesystem is implied |
| when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding |
| reference to the PersistentVolume |
| backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and |
| then exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. TODO: how do we prevent errors |
| in the filesystem from compromising the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun |
| number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world |
| wide identifiers (wwids) Either wwids or combination |
| of targetWWNs and lun must be set, but not |
| both simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an |
| exec based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver |
| to use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". The default filesystem depends |
| on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field |
| holds extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef |
| is reference to the secret object containing |
| sensitive information to pass to the plugin |
| scripts. This may be empty if no secret object |
| is specified. If the secret object contains |
| more than one secret, all secrets are passed |
| to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume |
| attached to a kubelet's host machine. This depends |
| on the Flocker control service running. |
| properties: |
| datasetName: |
| description: datasetName is the name of the dataset, |
| stored as metadata -> name on the dataset |
| for Flocker. It should be considered deprecated. |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the |
| dataset. This is unique identifier of a Flocker |
| dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE |
| Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the |
| volume that you want to mount. Tip: Ensure |
| that the filesystem type is supported by the |
| host operating system. Examples: "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD |
| resource in GCE. Used to identify the disk |
| in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository |
| at a particular revision. DEPRECATED: GitRepo |
| is deprecated. To provision a container with a |
| git repo, mount an EmptyDir into an InitContainer |
| that clones the repo using git, then mount the |
| EmptyDir into the Pod''s container.' |
| properties: |
| directory: |
| description: directory is the target directory |
| name. Must not contain or start with '..'. If |
| '.' is supplied, the volume directory will |
| be the git repository. Otherwise, if specified, |
| the volume will contain the git repository |
| in the subdirectory with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for |
| the specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More |
| info: https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name |
| that details Glusterfs topology. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing |
| file or directory on the host machine that is |
| directly exposed to the container. This is generally |
| used for system agents or other privileged things |
| that are allowed to see the host machine. Most |
| containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can |
| use host directory mounts and who can/can not |
| mount host directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the |
| link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults |
| to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether |
| to support iSCSI Discovery CHAP authentication. |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether |
| to support iSCSI Session CHAP authentication. |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI |
| Initiator Name. If initiatorName is specified |
| with iscsiInterface simultaneously, new iSCSI |
| interface <target portal>:<volume name> will |
| be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified |
| Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface |
| Name that uses an iSCSI transport. Defaults |
| to 'default' (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun |
| number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for |
| iSCSI target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| name: |
| description: 'name of the volume. Must be a DNS_LABEL |
| and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' |
| type: string |
| nfs: |
| description: 'nfs represents an NFS mount on the |
| host that shares a pod''s lifetime. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS |
| server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS |
| export to be mounted with read-only permissions. |
| Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource |
| represents a reference to a PersistentVolumeClaim |
| in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this |
| volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly |
| setting in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on the kubelet's |
| host machine. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies |
| Photon Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx |
| volume attached and mounted on the kubelet's host machine. |
| properties: |
| fsType: |
| description: fsType represents the filesystem |
| type to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a |
| Portworx volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about |
| the configMap data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced ConfigMap |
| will be projected into the volume |
| as a file whose name is the key |
| and content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the ConfigMap, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile |
| represents information to create |
| the file containing the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace |
| are supported.' |
| properties: |
| apiVersion: |
| description: Version of |
| the schema the FieldPath |
| is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the |
| field to select in the |
| specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode |
| bits used to set permissions |
| on this file, must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path |
| is the relative path name |
| of the file to be created. |
| Must not be absolute or contain |
| the ''..'' path. Must be utf-8 |
| encoded. The first item of |
| the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu |
| and requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container |
| name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the |
| output format of the exposed |
| resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: |
| resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about |
| the secret data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced Secret will |
| be projected into the volume as |
| a file whose name is the key and |
| content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the Secret, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify |
| whether the Secret or its key must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to |
| project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient |
| of a token must identify itself |
| with an identifier specified in |
| the audience of the token, and otherwise |
| should reject the token. The audience |
| defaults to the identifier of the |
| apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is |
| the requested duration of validity |
| of the service account token. As |
| the token approaches expiration, |
| the kubelet volume plugin will proactively |
| rotate the service account token. |
| The kubelet will start trying to |
| rotate the token if the token is |
| older than 80 percent of its time |
| to live or if the token is older |
| than 24 hours. Defaults to 1 hour |
| and must be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to |
| project the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount |
| on the host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to. Default |
| is no group. |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or |
| multiple Quobyte Registry services specified |
| as a string as host:port pair (multiple entries |
| are separated with commas) which acts as the |
| central registry for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte |
| volume in the Backend Used with dynamically |
| provisioned Quobyte volumes, value is set |
| by the plugin |
| type: string |
| user: |
| description: user to map volume access to. Defaults |
| to serviceaccount user. |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device |
| mount on the host that shares a pod''s lifetime. |
| More info: https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring |
| for RBDUser. Default is /etc/ceph/keyring. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph |
| monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides |
| keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Default is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of |
| the ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of |
| the ScaleIO Protection Domain for the configured |
| storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled is a flag that enables or disables |
| SSL communication with the Gateway. Defaults to false. |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the |
| storage for a volume should be ThickProvisioned |
| or ThinProvisioned. Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage |
| system as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that |
| is associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the Secret, the volume |
| setup will error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specifies whether |
| the Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the |
| secret in the pod''s namespace to use. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret |
| to use for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable |
| name of the StorageOS volume. Volume names |
| are only unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will |
| be used. This allows the Kubernetes name |
| scoping to be mirrored within StorageOS for |
| tighter integration. Set VolumeName to any |
| name to override the default behaviour. Set |
| to "default" if you are not using namespaces |
| within StorageOS. Namespaces that do not pre-exist |
| within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere |
| volume attached and mounted on the kubelet's host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage |
| Policy Based Management (SPBM) profile ID |
| associated with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage |
| Policy Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| jobService: |
| description: Deploys the Job service for use by "prod" profile |
| workflows. |
| properties: |
| enabled: |
| description: Determines whether "prod" profile workflows should |
| be configured to use this service |
| type: boolean |
| persistence: |
| description: Persists service to a datasource of choice. Ephemeral |
| by default. |
| maxProperties: 1 |
| properties: |
| postgresql: |
| description: Connect configured services to a postgresql |
| database. |
| maxProperties: 2 |
| minProperties: 2 |
| properties: |
| jdbcUrl: |
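| description: PostgreSql JDBC URL. Mutually exclusive |
| with serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service". |
| Database user credentials are supplied through secretRef and should |
| not be embedded in the URL. |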
| type: string |
| secretRef: |
| description: Secret reference to the database user |
| credentials |
| properties: |
| name: |
| description: Name of the postgresql credentials |
| secret. |
| type: string |
| passwordKey: |
| description: Key in the credentials secret that holds the |
| password. Defaults to POSTGRESQL_PASSWORD |
| type: string |
| userKey: |
| description: Key in the credentials secret that holds the |
| user name. Defaults to POSTGRESQL_USER |
| type: string |
| required: |
| - name |
| type: object |
| serviceRef: |
| description: Service reference to postgresql datasource. |
| Mutually exclusive with jdbcUrl. |
| properties: |
| databaseName: |
| description: Name of postgresql database to be |
| used. Defaults to "sonataflow" |
| type: string |
| databaseSchema: |
| description: Schema of postgresql database to |
| be used. Defaults to "data-index-service" |
| type: string |
| name: |
| description: Name of the postgresql k8s service. |
| type: string |
| namespace: |
| description: Namespace of the postgresql k8s service. |
| Defaults to the SonataFlowPlatform's local namespace. |
| type: string |
| port: |
| description: Port to use when connecting to the |
| postgresql k8s service. Defaults to 5432. |
| type: integer |
| required: |
| - name |
| type: object |
| required: |
| - secretRef |
| type: object |
| type: object |
| podTemplate: |
| description: PodTemplate describes the deployment details |
| of this platform service instance. |
| properties: |
| activeDeadlineSeconds: |
| description: Optional duration in seconds the pod may |
| be active on the node relative to StartTime before the |
| system will actively try to mark it failed and kill |
| associated containers. Value must be a positive integer. |
| format: int64 |
| type: integer |
| affinity: |
| description: If specified, the pod's scheduling constraints |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules |
| for the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node matches |
| the corresponding matchExpressions; the node(s) |
| with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term |
| matches all objects with implicit weight 0 |
| (i.e. it's a no-op). A null preferred scheduling |
| term matches no objects (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated |
| with the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching |
| the corresponding nodeSelectorTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to an update), the system |
| may or may not try to eventually evict the pod |
| from its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector |
| terms. The terms are ORed. |
| items: |
| description: A null or empty node selector |
| term matches no objects. The requirements |
| of them are ANDed. The TopologySelectorTerm |
| type implements a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist, Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules |
| (e.g. co-locate this pod in the same node, zone, |
| etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node has |
| pods which matches the corresponding podAffinityTerm; |
| the node(s) with the highest sum are the most |
| preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to a pod label update), |
| the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling |
| rules (e.g. avoid putting this pod in the same node, |
| zone, etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the anti-affinity |
| expressions specified by this field, but it |
| may choose a node that violates one or more |
| of the expressions. The node that is most preferred |
| is the one with the greatest sum of weights, |
| i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| anti-affinity expressions, etc.), compute a |
| sum by iterating through the elements of this |
| field and adding "weight" to the sum if the |
| node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest |
| sum are the most preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements |
| specified by this field are not met at scheduling |
| time, the pod will not be scheduled onto the |
| node. If the anti-affinity requirements specified |
| by this field cease to be met at some point |
| during pod execution (e.g. due to a pod label |
| update), the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
| automountServiceAccountToken: |
| description: AutomountServiceAccountToken indicates whether |
| a service account token should be automatically mounted. |
| type: boolean |
| container: |
| description: Container is the Kubernetes container where |
| the application should run. One can change this attribute |
| in order to override the defaults provided by the operator. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Cannot be updated. |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. |
| If a variable cannot be resolved, the reference |
| in the input string will be unchanged. Double $$ |
| are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Cannot be updated. |
| More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a variable |
| cannot be resolved, the reference in the input |
| string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will |
| produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, |
| regardless of whether the variable exists |
| or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and requests |
| (limits.cpu, limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults |
| to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will take |
| precedence. Values defined by an Env with a duplicate |
| key will take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag |
| is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. |
| Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the |
| working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to explicitly |
| call out to that shell. Exit status |
| of 0 is treated as live/healthy and |
| non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a |
| custom header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names |
| will be understood as the same |
| header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and is kept |
| for backward compatibility. There is |
| no validation of this field, and lifecycle |
| hooks will fail at runtime when a tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the |
| handler, the container will eventually terminate |
| within the Pod''s termination grace period (unless |
| delayed by finalizers). Other management of |
| the container blocks until the hook completes |
| or until the termination grace period is reached. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the |
| working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to explicitly |
| call out to that shell. Exit status |
| of 0 is treated as live/healthy and |
| non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a |
| custom header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names |
| will be understood as the same |
| header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and is kept |
| for backward compatibility. There is |
| no validation of this field, and lifecycle |
| hooks will fail at runtime when a tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying this |
| array with strategic merge patch may corrupt the |
| data. For more information, see https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid port |
| number, 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port |
| in a pod must have a unique name. Name for |
| the port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before the probe is initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it |
| defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It |
| can only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of |
| one entry in pod.spec.resourceClaims of |
| the Pod where this field is used. It makes |
| that resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
# allowPrivilegeEscalation: plain boolean; this schema declares no default.
# Per the description it decides whether no_new_privs is set on the container
# process, and it is always true for Privileged or CAP_SYS_ADMIN containers.
# NOTE(review): workloads that never need to gain privileges should set it to
# false explicitly - confirm whether the operator fills in a value when omitted.
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the |
| container process. AllowPrivilegeEscalation |
| is true always when the container is: 1) run |
| as Privileged 2) has CAP_SYS_ADMIN Note that |
| this field cannot be set when spec.os.name is |
| windows.' |
| type: boolean |
# capabilities: `add` and `drop` are arrays of plain strings with no enum or
# pattern, so this schema does not check capability names.
# NOTE(review): presumably the names are validated when the pod is created.
# A hardened spec usually drops ALL and adds back only what the workload
# needs - verify against the cluster's admission policy.
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
# privileged: unconstrained boolean; the description equates a privileged
# container with root on the host and gives false as the default.
# NOTE(review): nothing visible in this schema stops a custom resource from
# setting it to true. Enforcement has to come from admission policy (for
# example Pod Security Admission) or from the operator - confirm which.
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set when |
| spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
# readOnlyRootFilesystem: boolean; the description gives false as the default,
# i.e. a writable root filesystem unless the author opts in.
# NOTE(review): setting it to true and mounting explicit writable volumes
# limits what a compromised process can persist - confirm the workload's
# write paths before enabling.
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
# runAsNonRoot: boolean. Per the description the kubelet refuses to start a
# container that would run as UID 0 only when this is true; unset or false
# means no check is performed. The container-level value takes precedence
# over the one in PodSecurityContext.
# NOTE(review): no default is declared here - confirm whether the operator
# or an admission policy sets it for generated pods.
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified |
| in SecurityContext takes precedence. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
# seccompProfile: object whose only required member is `type`.
# Container-level options override pod-level ones (see description).
# NOTE(review): the inner `type` is a free string - the three values named in
# its description (Localhost, RuntimeDefault, Unconfined) are not expressed as
# an enum, so this schema alone does not reject other strings; presumably pod
# validation does. Unconfined means no profile is applied, so flag it in review.
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| properties: |
# localhostProfile: free string, no pattern. The "descending path, relative
# to the kubelet's seccomp location" rule is stated in prose only.
| localhostProfile: |
| description: localhostProfile indicates a |
| profile defined in a file on the node should |
| be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be set |
| if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of |
| seccomp profile will be applied. Valid options |
| are: \n Localhost - a profile defined in |
| a file on the node should be used. RuntimeDefault |
| - the container runtime default profile |
| should be used. Unconfined - no profile |
| should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be set |
| when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
# hostProcess: boolean. The description requires one effective value for all
# containers of a pod and HostNetwork=true whenever it is true.
# NOTE(review): those constraints are prose only; this schema does not
# express them. A 'Host Process' container presumably runs with host-level
# access on the Windows node - treat it like `privileged` in policy review.
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| This field is alpha-level and will only |
| be honored by components that enable the |
| WindowsHostProcessContainers feature flag. |
| Setting this field without the feature flag |
| will result in errors when validating the |
| Pod. All of a Pod's containers must have |
| the same effective HostProcess value (it |
| is not allowed to have a mix of HostProcess |
| containers and non-HostProcess containers). In |
| addition, if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified |
| in SecurityContext takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no other |
| probes are executed until this completes successfully. |
| If this probe fails, the Pod will be restarted, |
| just as if the livenessProbe failed. This can be |
| used to provide different probe parameters at the |
| beginning of a Pod''s lifecycle, when it might take |
| a long time to load data or warm a cache, than during |
| steady-state operation. This cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside a |
| shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you |
| need to explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon output, |
| so case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to |
| access on the container. Number must be |
| in the range 1 to 65535. Name must be an |
| IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration in |
| seconds after the processes running in the pod |
| are sent a termination signal and the time when |
| the processes are forcibly halted with a kill |
| signal. Set this value longer than the expected |
| cleanup time for your process. If this value |
| is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach sessions. |
| If stdinOnce is set to true, stdin is opened on |
| container start, is empty until the first client |
| attaches to stdin, and then remains open and accepts |
| data until the client disconnects, at which time |
| stdin is closed and remains closed until the container |
| is restarted. If this flag is false, a container |
| process that reads from stdin will never receive |
| an EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final status, |
| such as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output is |
| limited to 2048 bytes or 80 lines, whichever is |
| smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of |
| a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of |
| a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
# mountPropagation: free string with no enum; the description names only
# MountPropagationNone, used when the field is unset.
# NOTE(review): propagation "the other way around" (container to host) widens
# what the container can affect on the node - confirm which values the
# cluster's admission policy permits.
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should be |
| mounted. Behaves similarly to SubPath but |
| environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| containers: |
| description: List of containers belonging to the pod. |
| Containers cannot currently be added or removed. There |
| must be at least one container in a Pod. Cannot be updated. |
| items: |
| description: A single application container that you |
| want to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. |
| Variable references $(VAR_NAME) are expanded using |
| the container''s environment. If a variable cannot |
| be resolved, the reference in the input string |
| will be unchanged. Double $$ are reduced to a |
| single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will |
| never be expanded, regardless of whether the variable |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is |
| used if this is not provided. Variable references |
| $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment |
| variable present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
# value: literal string kept in the custom resource as written; $(VAR_NAME)
# references are expanded as the description explains.
# NOTE(review): anything placed here is readable by whoever can read the
# resource, so credentials belong in the sibling valueFrom.secretKeyRef
# rather than in this field.
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a |
| variable cannot be resolved, the reference |
| in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. |
| "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable |
| exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
# secretKeyRef: only `key` is required; `name` and `optional` may be omitted.
# The description limits the lookup to Secrets in the pod's own namespace.
# NOTE(review): the selected value ends up in the container's environment,
# visible to the processes running there - confirm a mounted Secret volume
# is not the better fit for long-lived credentials.
| secretKeyRef: |
| description: Selects a key of a secret |
| in the pod's namespace |
| properties: |
| key: |
| description: The key of the secret |
| to select from. Must be a valid |
| secret key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will |
| take precedence. Values defined by an Env with |
| a duplicate key will take precedence. Cannot be |
| updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a |
| C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
# image: optional free-form string with no pattern constraint.
# NOTE(review): this schema accepts any registry, tag or digest. Pinning by
# digest and restricting allowed registries has to be enforced outside the
# CRD (admission policy or the operator) - confirm where.
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, |
| Never, IfNotPresent. Defaults to Always if :latest |
| tag is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system |
| should take in response to container lifecycle |
| events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for backward compatibility. There |
| is no validation of this field and lifecycle |
| hooks will fail at runtime when a tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately |
| before a container is terminated due to an |
| API request or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop |
| hook is executed. Regardless of the outcome |
| of the handler, the container will eventually |
| terminate within the Pod''s termination grace |
| period (unless delayed by finalizers). Other |
| management of the container blocks until the |
| hook completes or until the termination grace |
| period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for the backward compatibility. There |
| is no validation of this field and lifecycle |
| hooks will fail in runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be a non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as |
| a DNS_LABEL. Each container in a pod must have |
| a unique name (DNS_LABEL). Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying |
| this array with strategic merge patch may corrupt |
| the data. For more information see https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid |
| port number, 0 < x < 65536. If HostNetwork |
| is specified, this must match ContainerPort. |
| Most containers do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an |
| IANA_SVC_NAME and unique within the pod. |
| Each named port in a pod must have a unique |
| name. Name for the port that can be referred |
| to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be a non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents |
| resource resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when |
| specified resource is resized. If not specified, |
| it defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this |
| container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references one |
| entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name |
| of one entry in pod.spec.resourceClaims |
| of the Pod where this field is used. |
| It makes that resource available inside |
| a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum |
| amount of compute resources required. If Requests |
| is omitted for a container, it defaults to |
| Limits if that is explicitly specified, otherwise |
| to an implementation-defined value. Requests |
| cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges |
| than its parent process. This bool directly |
| controls if the no_new_privs flag will be |
| set on the container process. AllowPrivilegeEscalation |
| is true always when the container is: 1) run |
| as Privileged 2) has CAP_SYS_ADMIN Note that |
| this field cannot be set when spec.os.name |
| is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represents POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represents POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also |
| be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided |
| at both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates |
| a profile defined in a file on the node |
| should be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be |
| set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind |
| of seccomp profile will be applied. Valid |
| options are: \n Localhost - a profile |
| defined in a file on the node should be |
| used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where |
| the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a |
| container should be run as a 'Host Process' |
| container. This field is alpha-level and |
| will only be honored by components that |
| enable the WindowsHostProcessContainers |
| feature flag. Setting this field without |
| the feature flag will result in errors |
| when validating the Pod. All of a Pod's |
| containers must have the same effective |
| HostProcess value (it is not allowed to |
| have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to |
| run the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no |
| other probes are executed until this completes |
| successfully. If this probe fails, the Pod will |
| be restarted, just as if the livenessProbe failed. |
| This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it |
| might take a long time to load data or warm a |
| cache, than during steady-state operation. This |
| cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Defaults to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be a non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach |
| sessions. If stdinOnce is set to true, stdin is |
| opened on container start, is empty until the |
| first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, |
| at which time stdin is closed and remains closed |
| until the container is restarted. If this flag |
| is false, a container process that reads from |
| stdin will never receive an EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final |
| status, such as an assertion failure message. |
| Will be truncated by the node if greater than |
| 4096 bytes. The total message length across all |
| containers will be limited to 12kb. Defaults to |
| /dev/termination-log. Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output |
| is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be |
| true. Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block |
| devices to be used by the container. |
| items: |
| description: volumeDevice describes a mapping |
| of a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside |
| of the container that the device will be |
| mapped to. |
| type: string |
| name: |
| description: name must match the name of a |
| persistentVolumeClaim in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting |
| of a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at |
| which the volume should be mounted. Must |
| not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, |
| MountPropagationNone is used. This field |
| is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a |
| Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should |
| be mounted. Behaves similarly to SubPath |
| but environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not |
| specified, the container runtime's default will |
| be used, which might be configured in the container |
| image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| dnsConfig: |
| description: Specifies the DNS parameters of a pod. Parameters |
| specified here will be merged to the generated DNS configuration |
| based on DNSPolicy. |
| properties: |
| nameservers: |
| description: A list of DNS name server IP addresses. |
| This will be appended to the base nameservers generated |
| from DNSPolicy. Duplicated nameservers will be removed. |
| items: |
| type: string |
| type: array |
| options: |
| description: A list of DNS resolver options. This |
| will be merged with the base options generated from |
| DNSPolicy. Duplicated entries will be removed. Resolution |
| options given in Options will override those that |
| appear in the base DNSPolicy. |
| items: |
| description: PodDNSConfigOption defines DNS resolver |
| options of a pod. |
| properties: |
| name: |
| description: Required. |
| type: string |
| value: |
| type: string |
| type: object |
| type: array |
| searches: |
| description: A list of DNS search domains for host-name |
| lookup. This will be appended to the base search |
| paths generated from DNSPolicy. Duplicated search |
| paths will be removed. |
| items: |
| type: string |
| type: array |
| type: object |
| dnsPolicy: |
| description: Set DNS policy for the pod. Defaults to "ClusterFirst". |
| Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', |
| 'Default' or 'None'. DNS parameters given in DNSConfig |
| will be merged with the policy selected with DNSPolicy. |
| To have DNS options set along with hostNetwork, you |
| have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. |
| type: string |
| enableServiceLinks: |
| description: 'EnableServiceLinks indicates whether information |
| about services should be injected into pod''s environment |
| variables, matching the syntax of Docker links. Optional: |
| Defaults to true.' |
| type: boolean |
| hostAliases: |
| description: HostAliases is an optional list of hosts |
| and IPs that will be injected into the pod's hosts file |
| if specified. This is only valid for non-hostNetwork |
| pods. |
| items: |
| description: HostAlias holds the mapping between IP |
| and hostnames that will be injected as an entry in |
| the pod's hosts file. |
| properties: |
| hostnames: |
| description: Hostnames for the above IP address. |
| items: |
| type: string |
| type: array |
| ip: |
| description: IP address of the host file entry. |
| type: string |
| type: object |
| type: array |
| # NOTE(review): hostIPC, hostNetwork and hostPID are typed as plain booleans |
| # with no further schema constraint, so this CRD does not stop a resource |
| # from requesting the node's IPC, network or PID namespace. Limit who may |
| # create or edit the custom resource through RBAC, and enforce the limit at |
| # admission: the Pod Security "baseline" profile rejects pods that set any of |
| # the three. Presumably this pod spec is copied into pods the operator |
| # creates - confirm against the controller. |
| hostIPC: |
| description: 'Use the host''s ipc namespace. Optional: |
| Default to false.' |
| type: boolean |
| hostNetwork: |
| description: Host networking requested for this pod. Use |
| the host's network namespace. If this option is set, |
| the ports that will be used must be specified. Default |
| to false. |
| type: boolean |
| hostPID: |
| description: 'Use the host''s pid namespace. Optional: |
| Default to false.' |
| type: boolean |
| # NOTE(review): per the description below, leaving hostUsers unset keeps the |
| # pod in the host user namespace; false is the hardened value on servers |
| # that enable the UserNamespacesSupport feature. |
| hostUsers: |
| description: 'Use the host''s user namespace. Optional: |
| Default to true. If set to true or not present, the |
| pod will be run in the host user namespace, useful for |
| when the pod needs a feature only available to the host |
| user namespace, such as loading a kernel module with |
| CAP_SYS_MODULE. When set to false, a new userns is created |
| for the pod. Setting false is useful for mitigating |
| container breakout vulnerabilities even allowing users |
| to run their containers as root without actually having |
| root privileges on the host. This field is alpha-level |
| and is only honored by servers that enable the UserNamespacesSupport |
| feature.' |
| type: boolean |
| hostname: |
| description: Specifies the hostname of the Pod. If not |
| specified, the pod's hostname will be set to a system-defined |
| value. |
| type: string |
| imagePullSecrets: |
| description: 'ImagePullSecrets is an optional list of |
| references to secrets in the same namespace to use for |
| pulling any of the images used by this PodSpec. If specified, |
| these secrets will be passed to individual puller implementations |
| for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the |
| same namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| initContainers: |
| description: 'List of initialization containers belonging |
| to the pod. Init containers are executed in order prior |
| to containers being started. If any init container fails, |
| the pod is considered to have failed and is handled |
| according to its restartPolicy. The name for an init |
| container or normal container must be unique among all |
| containers. Init containers may not have Lifecycle actions, |
| Readiness probes, Liveness probes, or Startup probes. |
| The resourceRequirements of an init container are taken |
| into account during scheduling by finding the highest |
| request/limit for each resource type, and then using |
| the max of that value or the sum of the normal containers. |
| Limits are applied to init containers in a similar fashion. |
| Init containers cannot currently be added or removed. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' |
| items: |
| description: A single application container that you |
| want to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. |
| Variable references $(VAR_NAME) are expanded using |
| the container''s environment. If a variable cannot |
| be resolved, the reference in the input string |
| will be unchanged. Double $$ are reduced to a |
| single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will |
| never be expanded, regardless of whether the variable |
| exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is |
| used if this is not provided. Variable references |
| $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set |
| in the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment |
| variable present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined |
| environment variables in the container and |
| any service environment variables. If a |
| variable cannot be resolved, the reference |
| in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. |
| "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable |
| exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| # NOTE(review): the Secret is looked up by name in the pod's namespace and |
| # only the key is required, so anyone allowed to set this field can ask for |
| # any Secret key in that namespace to be placed in a container's environment. |
| # Treat write access to this custom resource as comparable to Secret read |
| # access in the namespace (presumably the operator passes this spec through |
| # to the pod - confirm). The same consideration applies to envFrom.secretRef. |
| secretKeyRef: |
| description: Selects a key of a secret |
| in the pod's namespace |
| properties: |
| key: |
| description: The key of the secret |
| to select from. Must be a valid |
| secret key. |
| type: string |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container |
| is starting. When a key exists in multiple sources, |
| the value associated with the last source will |
| take precedence. Values defined by an Env with |
| a duplicate key will take precedence. Cannot be |
| updated. |
| items: |
| description: EnvFromSource represents the source |
| of a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a |
| C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| # NOTE(review): image is an unconstrained string, so both mutable tags and |
| # digests are accepted. With a mutable tag and the IfNotPresent policy |
| # described below, nodes can end up running different content under the same |
| # name. Pin by digest where provenance matters and restrict the allowed |
| # registries at admission; the schema itself enforces neither. |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, |
| Never, IfNotPresent. Defaults to Always if :latest |
| tag is specified, or IfNotPresent otherwise. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system |
| should take in response to container lifecycle |
| events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately |
| after a container is created. If the handler |
| fails, the container is terminated and restarted |
| according to its restart policy. Other management |
| of the container blocks until the hook completes. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for backward compatibility. There |
| is no validation of this field and lifecycle |
| hooks will fail at runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately |
| before a container is terminated due to an |
| API request or management event such as liveness/startup |
| probe failure, preemption, resource contention, |
| etc. The handler is not called if the container |
| crashes or exits. The Pod''s termination grace |
| period countdown begins before the PreStop |
| hook is executed. Regardless of the outcome |
| of the handler, the container will eventually |
| terminate within the Pod''s termination grace |
| period (unless delayed by finalizers). Other |
| management of the container blocks until the |
| hook completes or until the termination grace |
| period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to |
| take. |
| properties: |
| command: |
| description: Command is the command |
| line to execute inside the container, |
| the working directory for the command is |
| root ('/') in the container's filesystem. |
| The command is simply exec'd, it is |
| not run inside a shell, so traditional |
| shell instructions ('|', etc) won't |
| work. To use a shell, you need to |
| explicitly call out to that shell. |
| Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http |
| request to perform. |
| properties: |
| host: |
| description: Host name to connect to, |
| defaults to the pod IP. You probably |
| want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in |
| the request. HTTP allows repeated |
| headers. |
| items: |
| description: HTTPHeader describes |
| a custom header to be used in HTTP |
| probes |
| properties: |
| name: |
| description: The header field |
| name. This will be canonicalized |
| upon output, so case-variant |
| names will be understood as |
| the same header. |
| type: string |
| value: |
| description: The header field |
| value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT |
| supported as a LifecycleHandler and kept |
| for backward compatibility. There |
| is no validation of this field and lifecycle |
| hooks will fail at runtime when tcp handler |
| is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to |
| connect to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number |
| must be in the range 1 to 65535. Name |
| must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as |
| a DNS_LABEL. Each container in a pod must have |
| a unique name (DNS_LABEL). Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that |
| port from being exposed. Any port which is listening |
| on the default "0.0.0.0" address inside a container |
| will be accessible from the network. Modifying |
| this array with strategic merge patch may corrupt |
| the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network |
| port in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the |
| pod's IP address. This must be a valid port |
| number, 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| # NOTE(review): a hostPort exposes the container port on the node's own |
| # address (see hostIP above). The schema only types it as an int32; the Pod |
| # Security "baseline" profile expects host ports to be disallowed or limited |
| # to a known list, so that limit has to be enforced at admission. |
| hostPort: |
| description: Number of port to expose on the |
| host. If specified, this must be a valid |
| port number, 0 < x < 65536. If HostNetwork |
| is specified, this must match ContainerPort. |
| Most containers do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an |
| IANA_SVC_NAME and unique within the pod. |
| Each named port in a pod must have a unique |
| name. Name for the port that can be referred |
| to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, |
| TCP, or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service |
| readiness. Container will be removed from service |
| endpoints if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| # NOTE(review): free-form string with no format or pattern constraint. |
| # Probes are issued by the kubelet, so a value other than the pod IP makes |
| # the node contact that address; leaving it unset keeps the probe on the |
| # pod. The same field appears under tcpSocket and under startupProbe. |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents |
| resource resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which |
| this resource resize policy applies. Supported |
| values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when |
| specified resource is resized. If not specified, |
| it defaults to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this |
| container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references one |
| entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name |
| of one entry in pod.spec.resourceClaims |
| of the Pod where this field is used. |
| It makes that resource available inside |
| a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| # NOTE(review): limits is optional here (the enclosing resources object has |
| # no required list). A container submitted without limits is bounded only |
| # by whatever LimitRange / ResourceQuota the target namespace defines. |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum |
| amount of compute resources required. If Requests |
| is omitted for a container, it defaults to |
| Limits if that is explicitly specified, otherwise |
| to an implementation-defined value. Requests |
| cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security |
| options the container should be run with. If set, |
| the fields of SecurityContext override the equivalent |
| fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| # Security: this schema declares no default for the field. Per the |
| # description it drives no_new_privs, and it is always true for a container |
| # that is privileged or holds CAP_SYS_ADMIN, so an explicit false only has |
| # effect when those two are also absent. |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges |
| than its parent process. This bool directly |
| controls if the no_new_privs flag will be |
| set on the container process. AllowPrivilegeEscalation |
| is true always when the container is: 1) run |
| as Privileged 2) has CAP_SYS_ADMIN Note that |
| this field cannot be set when spec.os.name |
| is windows.' |
| type: boolean |
| # NOTE(review): add and drop are unconstrained string lists (no enum or |
| # pattern), so CRD validation accepts any capability name. Restricting |
| # which capabilities may be added has to happen in admission policy; |
| # hardened workloads usually drop ALL and add back only what they need. |
| capabilities: |
| description: The capabilities to add/drop when |
| running containers. Defaults to the default |
| set of capabilities granted by the container |
| runtime. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX |
| capabilities type |
| type: string |
| type: array |
| type: object |
| # NOTE(review): the schema accepts true without restriction, and the |
| # description equates a privileged container with root on the host. |
| # Whether the controller copies this field into the pods it creates is not |
| # visible in this schema - confirm, and have Pod Security admission or a |
| # policy engine reject it in namespaces where such pods are created. |
| privileged: |
| description: Run container in privileged mode. |
| Processes in privileged containers are essentially |
| equivalent to root on the host. Defaults to |
| false. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default |
| is DefaultProcMount which uses the container |
| runtime defaults for readonly paths and masked |
| paths. This requires the ProcMountType feature |
| flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| # Security: defaults to false per the description, i.e. a writable root |
| # filesystem. Setting true where the workload allows it limits what a |
| # compromised process can persist inside the container. |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of |
| the container process. Uses runtime default |
| if unset. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| # Security: per the description, unset or false means the kubelet performs |
| # no UID 0 check, so an image that runs as root starts normally. Set true |
| # (here or in PodSecurityContext) to have the kubelet refuse such images. |
| runAsNonRoot: |
| description: Indicates that the container must |
| run as a non-root user. If true, the Kubelet |
| will validate the image at runtime to ensure |
| that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset |
| or false, no such validation will be performed. |
| May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of |
| the container process. Defaults to user specified |
| in image metadata if unspecified. May also |
| be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied |
| to the container. If unspecified, the container |
| runtime will allocate a random SELinux context |
| for each container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label |
| that applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label |
| that applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label |
| that applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label |
| that applies to the container. |
| type: string |
| type: object |
| # NOTE(review): type is required but declared as a plain string with no |
| # enum, so this schema does not itself limit it to the three options named |
| # in the description. Unconfined applies no profile at all; RuntimeDefault |
| # is the usual baseline. localhostProfile names a file that must already |
| # exist on the node under the kubelet's seccomp profile location. |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided |
| at both the pod & container level, the container |
| options override the pod options. Note that |
| this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates |
| a profile defined in a file on the node |
| should be used. The profile must be preconfigured |
| on the node to work. Must be a descending |
| path, relative to the kubelet's configured |
| seccomp profile location. Must only be |
| set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind |
| of seccomp profile will be applied. Valid |
| options are: \n Localhost - a profile |
| defined in a file on the node should be |
| used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. Note that this field cannot be |
| set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where |
| the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName |
| field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the |
| name of the GMSA credential spec to use. |
| type: string |
| # NOTE(review): Windows counterpart of a host-level container. The |
| # description ties it to HostNetwork=true, and the schema accepts true |
| # without restriction. Treat it like privileged in admission policy. |
| hostProcess: |
| description: HostProcess determines if a |
| container should be run as a 'Host Process' |
| container. This field is alpha-level and |
| will only be honored by components that |
| enable the WindowsHostProcessContainers |
| feature flag. Setting this field without |
| the feature flag will result in errors |
| when validating the Pod. All of a Pod's |
| containers must have the same effective |
| HostProcess value (it is not allowed to |
| have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to |
| run the entrypoint of the container process. |
| Defaults to the user specified in image |
| metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod |
| has successfully initialized. If specified, no |
| other probes are executed until this completes |
| successfully. If this probe fails, the Pod will |
| be restarted, just as if the livenessProbe failed. |
| This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it |
| might take a long time to load data or warm a |
| cache, than during steady-state operation. This |
| cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for |
| the probe to be considered failed after having |
| succeeded. Defaults to 3. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the |
| service to place in the gRPC HealthCheckRequest |
| (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default |
| behavior is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform |
| the probe. Default to 10 seconds. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for |
| the probe to be considered successful after |
| having failed. Defaults to 1. Must be 1 for |
| liveness and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the |
| pod needs to terminate gracefully upon probe |
| failure. The grace period is the duration |
| in seconds after the processes running in |
| the pod are sent a termination signal and |
| the time when the processes are forcibly halted |
| with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value |
| must be non-negative integer. The value zero |
| indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta |
| field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which |
| the probe times out. Defaults to 1 second. |
| Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If |
| this is not set, reads from stdin in the container |
| will always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should |
| close the stdin channel after it has been opened |
| by a single attach. When stdin is true the stdin |
| stream will remain open across multiple attach |
| sessions. If stdinOnce is set to true, stdin is |
| opened on container start, is empty until the |
| first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, |
| at which time stdin is closed and remains closed |
| until the container is restarted. If this flag |
| is false, a container processes that reads from |
| stdin will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to |
| which the container''s termination message will |
| be written is mounted into the container''s filesystem. |
| Message written is intended to be brief final |
| status, such as an assertion failure message. |
| Will be truncated by the node if greater than |
| 4096 bytes. The total message length across all |
| containers will be limited to 12kb. Defaults to |
| /dev/termination-log. Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message |
| should be populated. File will use the contents |
| of terminationMessagePath to populate the container |
| status message on both success and failure. FallbackToLogsOnError |
| will use the last chunk of container log output |
| if the termination message file is empty and the |
| container exited with an error. The log output |
| is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be |
| true. Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block |
| devices to be used by the container. |
| items: |
| description: volumeDevice describes a mapping |
| of a raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside |
| of the container that the device will be |
| mapped to. |
| type: string |
| name: |
| description: name must match the name of a |
| persistentVolumeClaim in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting |
| of a Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at |
| which the volume should be mounted. Must |
| not contain ':'. |
| type: string |
| # NOTE(review): plain string with no enum in this schema. Propagation "the |
| # other way around" (container to host) makes mounts created in the |
| # container visible on the node, so policy should keep this unset |
| # (MountPropagationNone) unless a workload demonstrably needs more. |
| mountPropagation: |
| description: mountPropagation determines how |
| mounts are propagated from the host to container |
| and the other way around. When not set, |
| MountPropagationNone is used. This field |
| is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a |
| Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults |
| to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. |
| Defaults to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume |
| from which the container's volume should |
| be mounted. Behaves similarly to SubPath |
| but environment variable references $(VAR_NAME) |
| are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not |
| specified, the container runtime's default will |
| be used, which might be configured in the container |
| image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| # NOTE(review): unconstrained string that pins the pod to a named node. |
| # Anyone allowed to set it chooses where the workload runs, so confirm |
| # whether the controller forwards it and whether tenants should be |
| # permitted to use it instead of nodeSelector. |
| nodeName: |
| description: NodeName is a request to schedule this pod |
| onto a specific node. If it is non-empty, the scheduler |
| simply schedules this pod onto that node, assuming that |
| it fits resource requirements. |
| type: string |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: 'NodeSelector is a selector which must be |
| true for the pod to fit on a node. Selector which must |
| match a node''s labels for the pod to be scheduled on |
| that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' |
| type: object |
| x-kubernetes-map-type: atomic |
| os: |
| description: "Specifies the OS of the containers in the |
| pod. Some pod and container fields are restricted if |
| this is set. \n If the OS field is set to linux, the |
| following fields must be unset: -securityContext.windowsOptions |
| \n If the OS field is set to windows, following fields |
| must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers |
| - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile |
| - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy |
| - spec.securityContext.sysctls - spec.shareProcessNamespace |
| - spec.securityContext.runAsUser - spec.securityContext.runAsGroup |
| - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions |
| - spec.containers[*].securityContext.seccompProfile |
| - spec.containers[*].securityContext.capabilities - |
| spec.containers[*].securityContext.readOnlyRootFilesystem |
| - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation |
| - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser |
| - spec.containers[*].securityContext.runAsGroup" |
| properties: |
| name: |
| description: 'Name is the name of the operating system. |
| The currently supported values are linux and windows. |
| Additional value may be defined in future and can |
| be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration |
| Clients should expect to handle additional values |
| and treat unrecognized values in this field as os: |
| null' |
| type: string |
| required: |
| - name |
| type: object |
| overhead: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Overhead represents the resource overhead |
| associated with running a pod for a given RuntimeClass. |
| This field will be autopopulated at admission time by |
| the RuntimeClass admission controller. If the RuntimeClass |
| admission controller is enabled, overhead must not be |
| set in Pod create requests. The RuntimeClass admission |
| controller will reject Pod create requests which have |
| the overhead already set. If RuntimeClass is configured |
| and selected in the PodSpec, Overhead will be set to |
| the value defined in the corresponding RuntimeClass, |
| otherwise it will remain unset and treated as zero. |
| More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' |
| type: object |
| preemptionPolicy: |
| description: PreemptionPolicy is the Policy for preempting |
| pods with lower priority. One of Never, PreemptLowerPriority. |
| Defaults to PreemptLowerPriority if unset. |
| type: string |
| priority: |
| description: The priority value. Various system components |
| use this field to find the priority of the pod. When |
| Priority Admission Controller is enabled, it prevents |
| users from setting this field. The admission controller |
| populates this field from PriorityClassName. The higher |
| the value, the higher the priority. |
| format: int32 |
| type: integer |
| # NOTE(review): free-form string, so the two system-* classes named in the |
| # description pass CRD validation. With preemptionPolicy defaulting to |
| # PreemptLowerPriority, a high class lets the pod evict other workloads. |
| # Restrict usable classes per namespace (e.g. ResourceQuota scoped by |
| # PriorityClass, or admission policy). |
| priorityClassName: |
| description: If specified, indicates the pod's priority. |
| "system-node-critical" and "system-cluster-critical" |
| are two special keywords which indicate the highest |
| priorities with the former being the highest priority. |
| Any other name must be defined by creating a PriorityClass |
| object with that name. If not specified, the pod priority |
| will be default or zero if there is no default. |
| type: string |
| readinessGates: |
| description: 'If specified, all readiness gates will be |
| evaluated for pod readiness. A pod is ready when all |
| its containers are ready AND all conditions specified |
| in the readiness gates have status equal to "True" More |
| info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' |
| items: |
| description: PodReadinessGate contains the reference |
| to a pod condition |
| properties: |
| conditionType: |
| description: ConditionType refers to a condition |
| in the pod's condition list with matching type. |
| type: string |
| required: |
| - conditionType |
| type: object |
| type: array |
| replicas: |
| format: int32 |
| type: integer |
| resourceClaims: |
| description: "ResourceClaims defines which ResourceClaims |
| must be allocated and reserved before the Pod is allowed |
| to start. The resources will be made available to those |
| containers which consume them by name. \n This is an |
| alpha field and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable." |
| items: |
| description: PodResourceClaim references exactly one |
| ResourceClaim through a ClaimSource. It adds a name |
| to it that uniquely identifies the ResourceClaim inside |
| the Pod. Containers that need access to the ResourceClaim |
| reference it with this name. |
| properties: |
| name: |
| description: Name uniquely identifies this resource |
| claim inside the pod. This must be a DNS_LABEL. |
| type: string |
| source: |
| description: Source describes where to find the |
| ResourceClaim. |
| properties: |
| resourceClaimName: |
| description: ResourceClaimName is the name of |
| a ResourceClaim object in the same namespace |
| as this pod. |
| type: string |
| resourceClaimTemplateName: |
| description: "ResourceClaimTemplateName is the |
| name of a ResourceClaimTemplate object in |
| the same namespace as this pod. \n The template |
| will be used to create a new ResourceClaim, |
| which will be bound to this pod. When this |
| pod is deleted, the ResourceClaim will also |
| be deleted. The name of the ResourceClaim |
| will be <pod name>-<resource name>, where |
| <resource name> is the PodResourceClaim.Name. |
| Pod validation will reject the pod if the |
| concatenated name is not valid for a ResourceClaim |
| (e.g. too long). \n An existing ResourceClaim |
| with that name that is not owned by the pod |
| will not be used for the pod to avoid using |
| an unrelated resource by mistake. Scheduling |
| and pod startup are then blocked until the |
| unrelated ResourceClaim is removed. \n This |
| field is immutable and no changes will be |
| made to the corresponding ResourceClaim by |
| the control plane after creating the ResourceClaim." |
| type: string |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| restartPolicy: |
| description: 'Restart policy for all containers within |
| the pod. One of Always, OnFailure, Never. In some contexts, |
| only a subset of those values may be permitted. Default |
| to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' |
| type: string |
| runtimeClassName: |
| description: 'RuntimeClassName refers to a RuntimeClass |
| object in the node.k8s.io group, which should be used |
| to run this pod. If no RuntimeClass resource matches |
| the named class, the pod will not be run. If unset or |
| empty, the "legacy" RuntimeClass will be used, which |
| is an implicit class with an empty definition that uses |
| the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' |
| type: string |
| schedulerName: |
| description: If specified, the pod will be dispatched |
| by specified scheduler. If not specified, the pod will |
| be dispatched by default scheduler. |
| type: string |
| schedulingGates: |
| description: "SchedulingGates is an opaque list of values |
| that if specified will block scheduling the pod. If |
| schedulingGates is not empty, the pod will stay in the |
| SchedulingGated state and the scheduler will not attempt |
| to schedule the pod. \n SchedulingGates can only be |
| set at pod creation time, and be removed only afterwards. |
| \n This is a beta feature enabled by the PodSchedulingReadiness |
| feature gate." |
| items: |
| description: PodSchedulingGate is associated to a Pod |
| to guard its scheduling. |
| properties: |
| name: |
| description: Name of the scheduling gate. Each scheduling |
| gate must have a unique name field. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| securityContext: |
| description: 'SecurityContext holds pod-level security |
| attributes and common container settings. Optional: |
| Defaults to empty. See type description for default |
| values of each field.' |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies |
| to all containers in a pod. Some volume types allow |
| the Kubelet to change the ownership of that volume |
| to be owned by the pod: \n 1. The owning GID will |
| be the FSGroup 2. The setgid bit is set (new files |
| created in the volume will be owned by FSGroup) |
| 3. The permission bits are OR'd with rw-rw---- \n |
| If unset, the Kubelet will not modify the ownership |
| and permissions of any volume. Note that this field |
| cannot be set when spec.os.name is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior |
| of changing ownership and permission of the volume |
| before being exposed inside Pod. This field will |
| only apply to volume types which support fsGroup |
| based ownership (and permissions). It will have no |
| effect on ephemeral volume types such as: secret, |
| configmaps and emptydir. Valid values are "OnRootMismatch" |
| and "Always". If not specified, "Always" is used. |
| Note that this field cannot be set when spec.os.name |
| is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in SecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence for |
| that container. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not |
| run as UID 0 (root) and fail to start the container |
| if it does. If unset or false, no such validation |
| will be performed. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified in |
| image metadata if unspecified. May also be set in |
| SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| all containers. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot |
| be set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must only be set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file on |
| the node should be used. RuntimeDefault - the |
| container runtime default profile should be |
| used. Unconfined - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first |
| process run in each container, in addition to the |
| container's primary GID, the fsGroup (if specified), |
| and group memberships defined in the container image |
| for the uid of the container process. If unspecified, |
| no additional groups are added to any container. |
| Note that group memberships defined in the container |
| image for the uid of the container process are still |
| effective, even if they are not included in this |
| list. Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls |
| used for the pod. Pods with unsupported sysctls |
| (by the container runtime) might fail to launch. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| description: Sysctl defines a kernel parameter to |
| be set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options within |
| a container's SecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| This field is alpha-level and will only be honored |
| by components that enable the WindowsHostProcessContainers |
| feature flag. Setting this field without the |
| feature flag will result in errors when validating |
| the Pod. All of a Pod's containers must have |
| the same effective HostProcess value (it is |
| not allowed to have a mix of HostProcess containers |
| and non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the |
| entrypoint of the container process. Defaults |
| to the user specified in image metadata if unspecified. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| serviceAccountName: |
| description: 'ServiceAccountName is the name of the ServiceAccount |
| to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' |
| type: string |
| setHostnameAsFQDN: |
| description: If true the pod's hostname will be configured |
| as the pod's FQDN, rather than the leaf name (the default). |
| In Linux containers, this means setting the FQDN in |
| the hostname field of the kernel (the nodename field |
| of struct utsname). In Windows containers, this means |
| setting the registry value of hostname for the registry |
| key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters |
| to FQDN. If a pod does not have FQDN, this has no effect. |
| Default to false. |
| type: boolean |
| shareProcessNamespace: |
| description: 'Share a single process namespace between |
| all of the containers in a pod. When this is set containers |
| will be able to view and signal processes from other |
| containers in the same pod, and the first process in |
| each container will not be assigned PID 1. HostPID and |
| ShareProcessNamespace cannot both be set. Optional: |
| Default to false.' |
| type: boolean |
| subdomain: |
| description: If specified, the fully qualified Pod hostname |
| will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster |
| domain>". If not specified, the pod will not have a |
| domainname at all. |
| type: string |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully. May be decreased in delete |
| request. Value must be non-negative integer. The value |
| zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). If this value is nil, |
| the default grace period will be used instead. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. Defaults to 30 seconds. |
| format: int64 |
| type: integer |
| tolerations: |
| description: If specified, the pod's tolerations. |
| items: |
| description: The pod this Toleration is attached to |
| tolerates any taint that matches the triple <key,value,effect> |
| using the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to |
| match. Empty means match all taint effects. When |
| specified, allowed values are NoSchedule, PreferNoSchedule |
| and NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration |
| applies to. Empty means match all taint keys. |
| If the key is empty, operator must be Exists; |
| this combination means to match all values and |
| all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship |
| to the value. Valid operators are Exists and Equal. |
| Defaults to Equal. Exists is equivalent to wildcard |
| for value, so that a pod can tolerate all taints |
| of a particular category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period |
| of time the toleration (which must be of effect |
| NoExecute, otherwise this field is ignored) tolerates |
| the taint. By default, it is not set, which means |
| tolerate the taint forever (do not evict). Zero |
| and negative values will be treated as 0 (evict |
| immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration |
| matches to. If the operator is Exists, the value |
| should be empty, otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: TopologySpreadConstraints describes how a |
| group of pods ought to spread across topology domains. |
| Scheduler will schedule pods in a way which abides by |
| the constraints. All topologySpreadConstraints are ANDed. |
| items: |
| description: TopologySpreadConstraint specifies how |
| to spread matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching |
| pods. Pods that match this label selector are |
| counted to determine the number of pods in their |
| corresponding topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label |
| keys to select the pods over which spreading will |
| be calculated. The keys are used to lookup values |
| from the incoming pod labels, those key-value |
| labels are ANDed with labelSelector to select |
| the group of existing pods over which spreading |
| will be calculated for the incoming pod. The same |
| key is forbidden to exist in both MatchLabelKeys |
| and LabelSelector. MatchLabelKeys cannot be set |
| when LabelSelector isn't set. Keys that don't |
| exist in the incoming pod labels will be ignored. |
| A null or empty list means only match against |
| labelSelector. \n This is a beta field and requires |
| the MatchLabelKeysInPodTopologySpread feature |
| gate to be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which |
| pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between |
| the number of matching pods in the target topology |
| and the global minimum. The global minimum is |
| the minimum number of matching pods in an eligible |
| domain or zero if the number of eligible domains |
| is less than MinDomains. For example, in a 3-zone |
| cluster, MaxSkew is set to 1, and pods with the |
| same labelSelector spread as 2/2/1: In this case, |
| the global minimum is 1. | zone1 | zone2 | zone3 |
| | | P P | P P | P | - if MaxSkew is 1, |
| incoming pod can only be scheduled to zone3 to |
| become 2/2/2; scheduling it onto zone1(zone2) |
| would make the ActualSkew(3-1) on zone1(zone2) |
| violate MaxSkew(1). - if MaxSkew is 2, incoming |
| pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies |
| that satisfy it. It''s a required field. Default |
| value is 1 and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number |
| of eligible domains. When the number of eligible |
| domains with matching topology keys is less than |
| minDomains, Pod Topology Spread treats \"global |
| minimum\" as 0, and then the calculation of Skew |
| is performed. And when the number of eligible |
| domains with matching topology keys is equal to or |
| greater than minDomains, this value has no effect |
| on scheduling. As a result, when the number of |
| eligible domains is less than minDomains, scheduler |
| won't schedule more than maxSkew Pods to those |
| domains. If value is nil, the constraint behaves |
| as if MinDomains is equal to 1. Valid values are |
| integers greater than 0. When value is not nil, |
| WhenUnsatisfiable must be DoNotSchedule. \n For |
| example, in a 3-zone cluster, MaxSkew is set to |
| 2, MinDomains is set to 5 and pods with the same |
| labelSelector spread as 2/2/2: | zone1 | zone2 |
| | zone3 | | P P | P P | P P | The number |
| of domains is less than 5(MinDomains), so \"global |
| minimum\" is treated as 0. In this situation, |
| new pod with the same labelSelector cannot be |
| scheduled, because computed skew will be 3(3 - |
| 0) if new Pod is scheduled to any of the three |
| zones, it will violate MaxSkew. \n This is a beta |
| field and requires the MinDomainsInPodTopologySpread |
| feature gate to be enabled (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we |
| will treat Pod's nodeAffinity/nodeSelector when |
| calculating pod topology spread skew. Options |
| are: - Honor: only nodes matching nodeAffinity/nodeSelector |
| are included in the calculations. - Ignore: nodeAffinity/nodeSelector |
| are ignored. All nodes are included in the calculations. |
| \n If this value is nil, the behavior is equivalent |
| to the Honor policy. This is a beta-level feature, |
| enabled by default via the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we |
| will treat node taints when calculating pod topology |
| spread skew. Options are: - Honor: nodes without |
| taints, along with tainted nodes for which the |
| incoming pod has a toleration, are included. - |
| Ignore: node taints are ignored. All nodes are |
| included. \n If this value is nil, the behavior |
| is equivalent to the Ignore policy. This is a |
| beta-level feature, enabled by default via the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. |
| Nodes that have a label with this key and identical |
| values are considered to be in the same topology. |
| We consider each <key, value> as a "bucket", and |
| try to put balanced number of pods into each bucket. |
| We define a domain as a particular instance of |
| a topology. Also, we define an eligible domain |
| as a domain whose nodes meet the requirements |
| of nodeAffinityPolicy and nodeTaintsPolicy. e.g. |
| If TopologyKey is "kubernetes.io/hostname", each |
| Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is |
| a domain of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to |
| deal with a pod if it doesn''t satisfy the spread |
| constraint. - DoNotSchedule (default) tells the |
| scheduler not to schedule it. - ScheduleAnyway |
| tells the scheduler to schedule the pod in any |
| location, but giving higher precedence to topologies |
| that would help reduce the skew. A constraint |
| is considered "Unsatisfiable" for an incoming |
| pod if and only if every possible node assignment |
| for that pod would violate "MaxSkew" on some topology. |
| For example, in a 3-zone cluster, MaxSkew is set |
| to 1, and pods with the same labelSelector spread |
| as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | |
| If WhenUnsatisfiable is set to DoNotSchedule, |
| incoming pod can only be scheduled to zone2(zone3) |
| to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) |
| satisfies MaxSkew(1). In other words, the cluster |
| can still be imbalanced, but scheduler won''t |
| make it *more* imbalanced. It''s a required field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - topologyKey |
| - whenUnsatisfiable |
| x-kubernetes-list-type: map |
| volumes: |
| description: 'List of volumes that can be mounted by containers |
| belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' |
| items: |
| description: Volume represents a named volume in a pod |
| that may be accessed by any container in the pod. |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an |
| AWS Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force |
| the readOnly setting in VolumeMounts. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data |
| Disk mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching |
| mode: None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data |
| disk in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk |
| in the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: |
| multiple blob disks per storage account; Dedicated: |
| single blob disk per storage account; Managed: |
| azure managed data disk (only in managed availability |
| set). Defaults to Shared.' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File |
| Service mount on the host and bind mount to the |
| pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret |
| that contains Azure Storage Account Name and |
| Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on |
| the host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors |
| is a collection of Ceph monitors. More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the |
| mounted root, rather than the full Ceph tree, |
| default is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts. |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default |
| is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef |
| is reference to the authentication secret |
| for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the |
| rados user name, default is admin. More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume |
| attached and mounted on kubelets host machine. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points |
| to a secret object containing parameters used |
| to connect to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the |
| volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that |
| should populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the ConfigMap, the |
| volume setup will error unless it is marked |
| optional. Paths must be relative and may not |
| contain the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specifies whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your |
| admin for the correct name as registered in |
| the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is |
| passed to the associated CSI driver which |
| will determine the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive |
| information to pass to the CSI driver to complete |
| the CSI NodePublishVolume and NodeUnpublishVolume |
| calls. This field is optional, and may be |
| empty if no secret is required. If the secret |
| object contains more than one secret, all |
| secret references are passed. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only |
| configuration for the volume. Defaults to |
| false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API |
| about the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits used to set |
| permissions on created files by default. Must be |
| an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API |
| volume file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field |
| of the pod: only annotations, labels, |
| name and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used |
| to set permissions on this file, must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. |
| YAML accepts both octal and decimal |
| values, JSON requires decimal values |
| for mode bits. If not specified, the |
| volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. |
| Must not be absolute or contain the |
| ''..'' path. Must be utf-8 encoded. |
| The first item of the relative path |
| must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| requests.cpu and requests.memory) are |
| currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of |
| storage medium should back this directory. |
| The default is "" which means to use the node''s |
| default medium. Must be an empty string (default) |
| or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount |
| of local storage required for this EmptyDir |
| volume. The size limit is also applicable |
| for memory medium. The maximum usage on memory |
| medium EmptyDir would be the minimum value |
| between the SizeLimit specified here and the |
| sum of memory limits of all containers in |
| a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that |
| is handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - |
| it will be created before the pod starts, and |
| deleted when the pod is removed. \n Use this if: |
| a) the volume is only needed while the pod runs, |
| b) features of normal volumes like restoring from |
| snapshot or capacity tracking are needed, c) the |
| storage driver is specified through a storage |
| class, and d) the storage driver supports dynamic |
| volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information |
| on the connection between this volume type and |
| PersistentVolumeClaim). \n Use PersistentVolumeClaim |
| or one of the vendor-specific APIs for volumes |
| that persist for longer than the lifecycle of |
| an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of |
| the driver for more information. \n A pod can |
| use both types of ephemeral volumes and persistent |
| volumes at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will |
| be the owner of the PVC, i.e. the PVC will |
| be deleted together with the pod. The name |
| of the PVC will be `<pod name>-<volume name>` |
| where `<volume name>` is the name from the |
| `PodSpec.Volumes` array entry. Pod validation |
| will reject the pod if the concatenated name |
| is not valid for a PVC (for example, too long). |
| \n An existing PVC with that name that is |
| not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume |
| by mistake. Starting the pod is then blocked |
| until the unrelated PVC is removed. If such |
| a pre-created PVC is meant to be used by the |
| pod, the PVC has to be updated with an owner |
| reference to the pod once the pod exists. |
| Normally this should not be necessary, but |
| it may be useful when manually reconstructing |
| a broken cluster. \n This field is read-only |
| and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when |
| creating it. No other fields are allowed |
| and will be rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged |
| into the PVC that gets created from this |
| template. The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the |
| desired access modes the volume should |
| have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be |
| used to specify either: * An existing |
| VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external |
| controller can support the specified |
| data source, it will create a new |
| volume based on the contents of the |
| specified data source. When the AnyVolumeDataSource |
| feature gate is enabled, dataSource |
| contents will be copied to dataSourceRef, |
| and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace |
| is specified, then dataSourceRef will |
| not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies |
| the object from which to populate |
| the volume with data, if a non-empty |
| volume is desired. This may be any |
| object from a non-empty API group |
| (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if |
| the type of the specified object matches |
| some installed volume populator or |
| dynamic provisioner. This field will |
| replace the functionality of the dataSource |
| field and as such if both fields are |
| non-empty, they must have the same |
| value. For backwards compatibility, |
| when namespace isn''t specified in |
| dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to |
| the same value automatically if one |
| of them is empty and the other is |
| non-empty. When namespace is specified |
| in dataSourceRef, dataSource isn''t |
| set to the same value and must be |
| empty. There are three important differences |
| between dataSource and dataSourceRef: |
| * While dataSource only allows two |
| specific types of objects, dataSourceRef |
| allows any non-core object, as well |
| as PersistentVolumeClaim objects. |
| * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates |
| an error if a disallowed value is |
| specified. * While dataSource only |
| allows local objects, dataSourceRef |
| allows objects in any namespaces. |
| (Beta) Using this field requires the |
| AnyVolumeDataSource feature gate to |
| be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the |
| CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced. Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. |
| See the ReferenceGrant documentation |
| for details. (Alpha) This field |
| requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the |
| minimum resources the volume should |
| have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed |
| to specify resource requirements that |
| are lower than previous value but |
| must still be higher than capacity |
| recorded in the status field of the |
| claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. |
| \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is |
| immutable. It can only be set |
| for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match |
| the name of one entry in |
| pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the |
| maximum amount of compute resources |
| allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes |
| the minimum amount of compute |
| resources required. If Requests |
| is omitted for a container, it |
| defaults to Limits if that is |
| explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query |
| over volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the |
| name of the StorageClass required |
| by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what |
| type of volume is required by the |
| claim. Value of Filesystem is implied |
| when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding |
| reference to the PersistentVolume |
| backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and |
| then exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. TODO: how do we prevent errors |
| in the filesystem from compromising the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun |
| number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids is Optional: FC volume world |
| wide identifiers (wwids). Either wwids or a combination |
| of targetWWNs and lun must be set, but not |
| both simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an |
| exec based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver |
| to use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". The default filesystem depends |
| on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field |
| holds extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef |
| is reference to the secret object containing |
| sensitive information to pass to the plugin |
| scripts. This may be empty if no secret object |
| is specified. If the secret object contains |
| more than one secret, all secrets are passed |
| to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume |
| attached to a kubelet's host machine. This depends |
| on the Flocker control service running. |
| properties: |
| datasetName: |
| description: datasetName is the name of the dataset |
| stored as metadata -> name on the dataset |
| for Flocker; it should be considered deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the |
| dataset. This is unique identifier of a Flocker |
| dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE |
| Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the |
| volume that you want to mount. Tip: Ensure |
| that the filesystem type is supported by the |
| host operating system. Examples: "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD |
| resource in GCE. Used to identify the disk |
| in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository |
| at a particular revision. DEPRECATED: GitRepo |
| is deprecated. To provision a container with a |
| git repo, mount an EmptyDir into an InitContainer |
| that clones the repo using git, then mount the |
| EmptyDir into the Pod''s container.' |
| properties: |
| directory: |
| description: directory is the target directory |
| name. Must not contain or start with '..'. If |
| '.' is supplied, the volume directory will |
| be the git repository. Otherwise, if specified, |
| the volume will contain the git repository |
| in the subdirectory with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for |
| the specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More |
| info: https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name |
| that details Glusterfs topology. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing |
| file or directory on the host machine that is |
| directly exposed to the container. This is generally |
| used for system agents or other privileged things |
| that are allowed to see the host machine. Most |
| containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can |
| use host directory mounts and who can/can not |
| mount host directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the |
| link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume. Defaults |
| to "". More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether |
| to support iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether |
| to support iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI |
| Initiator Name. If initiatorName is specified |
| with iscsiInterface simultaneously, new iSCSI |
| interface <target portal>:<volume name> will |
| be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified |
| Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface |
| Name that uses an iSCSI transport. Defaults |
| to 'default' (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun |
| number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for |
| iSCSI target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| name: |
| description: 'name of the volume. Must be a DNS_LABEL |
| and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' |
| type: string |
| nfs: |
| description: 'nfs represents an NFS mount on the |
| host that shares a pod''s lifetime. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS |
| server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS |
| export to be mounted with read-only permissions. |
| Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource |
| represents a reference to a PersistentVolumeClaim |
| in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this |
| volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly |
| setting in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelet's |
| host machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies |
| Photon Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx |
| volume attached and mounted on kubelet's host machine |
| properties: |
| fsType: |
| description: fsType represents the filesystem |
| type to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a |
| Portworx volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about |
| the configMap data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced ConfigMap |
| will be projected into the volume |
| as a file whose name is the key |
| and content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the ConfigMap, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile |
| represents information to create |
| the file containing the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace |
| are supported.' |
| properties: |
| apiVersion: |
| description: Version of |
| the schema the FieldPath |
| is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the |
| field to select in the |
| specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode |
| bits used to set permissions |
| on this file, must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path |
| is the relative path name |
| of the file to be created. |
| Must not be absolute or contain |
| the ''..'' path. Must be utf-8 |
| encoded. The first item of |
| the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu |
| and requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container |
| name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the |
| output format of the exposed |
| resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: |
| resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about |
| the secret data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced Secret will |
| be projected into the volume as |
| a file whose name is the key and |
| content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the Secret, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify |
| whether the Secret or its key must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to |
| project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient |
| of a token must identify itself |
| with an identifier specified in |
| the audience of the token, and otherwise |
| should reject the token. The audience |
| defaults to the identifier of the |
| apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is |
| the requested duration of validity |
| of the service account token. As |
| the token approaches expiration, |
| the kubelet volume plugin will proactively |
| rotate the service account token. |
| The kubelet will start trying to |
| rotate the token if the token is |
| older than 80 percent of its time |
| to live or if the token is older |
| than 24 hours. Defaults to 1 hour |
| and must be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to |
| project the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount |
| on the host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to. Default |
| is no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or |
| multiple Quobyte Registry services specified |
| as a string as host:port pair (multiple entries |
| are separated with commas) which acts as the |
| central registry for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte |
| volume in the Backend Used with dynamically |
| provisioned Quobyte volumes, value is set |
| by the plugin |
| type: string |
| user: |
| description: user to map volume access to. Defaults |
| to serviceaccount user |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device |
| mount on the host that shares a pod''s lifetime. |
| More info: https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring |
| for RBDUser. Default is /etc/ceph/keyring. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph |
| monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides |
| keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Default is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of |
| the ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of |
| the ScaleIO Protection Domain for the configured |
| storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable |
| SSL communication with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the |
| storage for a volume should be ThickProvisioned |
| or ThinProvisioned. Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage |
| system as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that |
| is associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the Secret, the volume |
| setup will error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether |
| the Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the |
| secret in the pod''s namespace to use. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret |
| to use for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable |
| name of the StorageOS volume. Volume names |
| are only unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will |
| be used. This allows the Kubernetes name |
| scoping to be mirrored within StorageOS for |
| tighter integration. Set VolumeName to any |
| name to override the default behaviour. Set |
| to "default" if you are not using namespaces |
| within StorageOS. Namespaces that do not pre-exist |
| within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere |
| volume attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage |
| Policy Based Management (SPBM) profile ID |
| associated with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage |
| Policy Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| type: object |
| type: object |
| type: object |
| type: object |
| status: |
| description: SonataFlowPlatformStatus defines the observed state of SonataFlowPlatform |
| properties: |
| cluster: |
| description: Cluster what kind of cluster you're running (ie, plain |
| Kubernetes or OpenShift) |
| enum: |
| - kubernetes |
| - openshift |
| type: string |
| conditions: |
| description: The latest available observations of a resource's current |
| state. |
| items: |
| description: Condition describes the common structure for conditions |
| in our types |
| properties: |
| lastUpdateTime: |
| description: The last time this condition was updated. |
| format: date-time |
| type: string |
| message: |
| description: A human-readable message indicating details about |
| the transition. |
| type: string |
| reason: |
| description: The reason for the condition's last transition. |
| type: string |
| status: |
| description: Status of the condition, one of True, False, Unknown. |
| type: string |
| type: |
| description: Type condition for the given object |
| type: string |
| required: |
| - status |
| - type |
| type: object |
| type: array |
| info: |
| additionalProperties: |
| type: string |
| description: Info generic information related to the build |
| type: object |
| observedGeneration: |
| description: The generation observed by the deployment controller. |
| format: int64 |
| type: integer |
| version: |
| description: Version the operator version controlling this Platform |
| type: string |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| controller-gen.kubebuilder.io/version: v0.9.2 |
| creationTimestamp: null |
| name: sonataflows.sonataflow.org |
| spec: |
| group: sonataflow.org |
| names: |
| kind: SonataFlow |
| listKind: SonataFlowList |
| plural: sonataflows |
| shortNames: |
| - sf |
| - workflow |
| - workflows |
| singular: sonataflow |
| scope: Namespaced |
| versions: |
| - additionalPrinterColumns: |
| - jsonPath: .metadata.annotations.sonataflow\.org\/profile |
| name: Profile |
| type: string |
| - jsonPath: .metadata.annotations.sonataflow\.org\/version |
| name: Version |
| type: string |
| - jsonPath: .status.endpoint |
| name: URL |
| type: string |
| - jsonPath: .status.conditions[?(@.type=='Running')].status |
| name: Ready |
| type: string |
| - jsonPath: .status.conditions[?(@.type=='Running')].reason |
| name: Reason |
| type: string |
| name: v1alpha08 |
| schema: |
| openAPIV3Schema: |
| description: SonataFlow is the descriptor representation for a workflow application |
| based on the CNCF Serverless Workflow specification. |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: SonataFlowSpec defines the desired state of SonataFlow |
| properties: |
| flow: |
| description: Flow the workflow definition. |
| properties: |
| annotations: |
| description: Annotations List of helpful terms describing the |
| workflow's intended purpose, subject areas, or other important |
| qualities. |
| items: |
| type: string |
| type: array |
| auth: |
| description: Auth definitions can be used to define authentication |
| information that should be applied to resources defined in the |
| operation property of function definitions. It is not used as |
| authentication information for the function invocation, but |
| just to access the resource containing the function invocation |
| information. |
| x-kubernetes-preserve-unknown-fields: true |
| autoRetries: |
| description: AutoRetries If set to true, actions should automatically |
| be retried on unchecked errors. Default is false |
| type: boolean |
| constants: |
| additionalProperties: |
| description: RawMessage is a raw encoded JSON value. It implements |
| Marshaler and Unmarshaler and can be used to delay JSON decoding |
| or precompute a JSON encoding. |
| format: byte |
| type: string |
| description: Constants Workflow constants are used to define static, |
| and immutable, data which is available to Workflow Expressions. |
| type: object |
| dataInputSchema: |
| description: DataInputSchema URI of the JSON Schema used to validate |
| the workflow data input |
| properties: |
| failOnValidationErrors: |
| type: boolean |
| schema: |
| type: string |
| required: |
| - failOnValidationErrors |
| - schema |
| type: object |
| errors: |
| description: Defines checked errors that can be explicitly handled |
| during workflow execution. |
| items: |
| description: Error declaration for workflow definitions |
| properties: |
| code: |
| description: Code OnError code. Can be used in addition |
| to the name to help runtimes resolve to technical errors/exceptions. |
| Should not be defined if error is set to '*'. |
| type: string |
| description: |
| description: OnError description. |
| type: string |
| name: |
| description: Name Domain-specific error name. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| events: |
| items: |
| description: Event used to define events and their correlations |
| properties: |
| correlation: |
| description: Define event correlation rules for this event. |
| Only used for consumed events. |
| items: |
| description: Correlation define event correlation rules |
| for an event. Only used for `consumed` events |
| properties: |
| contextAttributeName: |
| description: CloudEvent Extension Context Attribute |
| name |
| type: string |
| contextAttributeValue: |
| description: CloudEvent Extension Context Attribute |
| value |
| type: string |
| required: |
| - contextAttributeName |
| type: object |
| type: array |
| dataOnly: |
| description: If `true`, only the Event payload is accessible |
| to consuming Workflow states. If `false`, both event payload |
| and context attributes should be accessible. Defaults |
| to true. |
| type: boolean |
| kind: |
| default: consumed |
| description: Defines the CloudEvent as either 'consumed' |
| or 'produced' by the workflow. Defaults to `consumed`. |
| enum: |
| - consumed |
| - produced |
| type: string |
| metadata: |
| additionalProperties: |
| type: object |
| description: Metadata information |
| type: object |
| name: |
| description: Unique event name. |
| type: string |
| source: |
| description: CloudEvent source. |
| type: string |
| type: |
| description: CloudEvent type. |
| type: string |
| required: |
| - name |
| - type |
| type: object |
| type: array |
| functions: |
| items: |
| description: Function ... |
| properties: |
| authRef: |
| description: References an auth definition name to be used |
| to access the resource defined in the operation parameter. |
| type: string |
| metadata: |
| additionalProperties: |
| type: object |
| description: Metadata information |
| type: object |
| name: |
| description: Unique function name |
| type: string |
| operation: |
| description: If type is `rest`, <path_to_openapi_definition>#<operation_id>. |
| If type is `rpc`, <path_to_grpc_proto_file>#<service_name>#<service_method>. |
| If type is `expression`, defines the workflow expression. |
| If the type is `custom`, <path_to_custom_script>#<custom_service_method>. |
| type: string |
| type: |
| default: rest |
| description: Defines the function type. Is either `custom`, |
| `rest`, `rpc`, `expression`, `graphql`, `odata` or `asyncapi`. |
| Default is `rest`. |
| enum: |
| - rest |
| - rpc |
| - expression |
| - graphql |
| - odata |
| - asyncapi |
| - custom |
| type: string |
| required: |
| - name |
| - operation |
| type: object |
| type: array |
| keepActive: |
| description: If "true", workflow instances are not terminated when |
| there are no active execution paths. Instance can be terminated |
| with "terminate end definition" or reaching defined "workflowExecTimeout" |
| type: boolean |
| metadata: |
| description: Metadata custom information shared with the runtime. |
| x-kubernetes-preserve-unknown-fields: true |
| retries: |
| items: |
| description: Retry ... |
| properties: |
| delay: |
| description: Time delay between retry attempts (ISO 8601 |
| duration format) |
| type: string |
| increment: |
| description: Static value by which the delay increases during |
| each attempt (ISO 8601 time format) |
| type: string |
| jitter: |
| description: 'If float type, maximum amount of random time |
| added or subtracted from the delay between each retry |
| relative to total delay (between 0 and 1). If string type, |
| absolute maximum amount of random time added or subtracted |
| from the delay between each retry (ISO 8601 duration format) |
| TODO: make iso8601duration compatible this type' |
| properties: |
| floatVal: |
| type: number |
| strVal: |
| type: string |
| type: |
| description: Type represents the stored type of Float32OrString. |
| format: int64 |
| type: integer |
| type: object |
| maxAttempts: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Maximum number of retry attempts. |
| x-kubernetes-int-or-string: true |
| maxDelay: |
| description: Maximum time delay between retry attempts (ISO |
| 8601 duration format) |
| type: string |
| multiplier: |
| description: Numeric value, if specified the delay between |
| retries is multiplied by this value. |
| properties: |
| floatVal: |
| type: number |
| strVal: |
| type: string |
| type: |
| description: Type represents the stored type of Float32OrString. |
| format: int64 |
| type: integer |
| type: object |
| name: |
| description: Unique retry strategy name |
| type: string |
| required: |
| - maxAttempts |
| - name |
| type: object |
| type: array |
| secrets: |
| description: Secrets allow you to access sensitive information, |
| such as passwords, OAuth tokens, ssh keys, etc, inside your |
| Workflow Expressions. |
| items: |
| type: string |
| type: array |
| start: |
| description: Workflow start definition. |
| x-kubernetes-preserve-unknown-fields: true |
| states: |
| items: |
| properties: |
| callbackState: |
| description: callbackState executes a function and waits |
| for callback event that indicates completion of the task. |
| properties: |
| action: |
| description: Defines the action to be executed. |
| properties: |
| actionDataFilter: |
| description: Filter the state data to select only |
| the data that can be used within function definition |
| arguments using its fromStateData property. Filter |
| the action results to select only the result data |
| that should be added/merged back into the state |
| data using its results property. Select the part |
| of state data which the action data results should |
| be added/merged to using the toStateData property. |
| properties: |
| fromStateData: |
| description: Workflow expression that filters |
| state data that can be used by the action. |
| type: string |
| results: |
| description: Workflow expression that filters |
| the actions data results. |
| type: string |
| toStateData: |
| description: Workflow expression that selects |
| a state data element to which the action results |
| should be added/merged into. If not specified |
| denotes the top-level state data element. |
| type: string |
| useResults: |
| description: If set to false, action data results |
| are not added/merged to state data. In this |
| case 'results' and 'toStateData' should be |
| ignored. Default is true. |
| type: boolean |
| type: object |
| condition: |
| description: Expression, if defined, must evaluate |
| to true for this action to be performed. If false, |
| action is disregarded. |
| type: string |
| eventRef: |
| description: References a 'trigger' and 'result' |
| reusable event definitions. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: object |
| description: Add additional extension context |
| attributes to the produced event. |
| type: object |
| data: |
| description: If string type, an expression which |
| selects parts of the states data output to |
| become the data (payload) of the event referenced |
| by triggerEventRef. If object type, a custom |
| object to become the data (payload) of the |
| event referenced by triggerEventRef. |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| resultEventRef: |
| description: Reference to the unique name of |
| a 'consumed' event definition |
| type: string |
| resultEventTimeout: |
| description: Maximum amount of time (ISO 8601 |
| format) to wait for the result event. If not |
| defined it will be set to the actionExecutionTimeout |
| type: string |
| triggerEventRef: |
| description: Reference to the unique name of |
| a 'produced' event definition, |
| type: string |
| required: |
| - resultEventRef |
| - triggerEventRef |
| type: object |
| functionRef: |
| description: References a reusable function definition. |
| properties: |
| arguments: |
| additionalProperties: |
| type: object |
| description: 'Arguments (inputs) to be passed |
| to the referenced function TODO: validate |
| it as required if function type is graphql' |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| refName: |
| description: Name of the referenced function. |
| type: string |
| selectionSet: |
| description: 'Used if function type is graphql. |
| String containing a valid GraphQL selection |
| set. TODO: validate it as required if function |
| type is graphql' |
| type: string |
| required: |
| - refName |
| type: object |
| id: |
| description: Defines Unique action identifier. |
| type: string |
| name: |
| description: Defines Unique action name. |
| type: string |
| nonRetryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should not |
| be retried. Used only when `autoRetries` is set |
| to `true` |
| items: |
| type: string |
| type: array |
| retryRef: |
| description: References a defined workflow retry |
| definition. If not defined uses the default runtime |
| retry definition. |
| type: string |
| retryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should be |
| retried. Used only when `autoRetries` is set to |
| `false` |
| items: |
| type: string |
| type: array |
| sleep: |
| description: Defines time period workflow execution |
| should sleep before / after function execution. |
| properties: |
| after: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep after function/subflow |
| invocation. Does not apply if 'eventRef' is |
| defined. |
| type: string |
| before: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep before function/subflow |
| invocation. Does not apply if 'eventRef' is |
| defined. |
| type: string |
| type: object |
| subFlowRef: |
| description: References a workflow to be invoked. |
| properties: |
| invoke: |
| default: sync |
| description: Specifies if the subflow should |
| be invoked sync or async. Defaults to sync. |
| enum: |
| - async |
| - sync |
| type: string |
| onParentComplete: |
| default: terminate |
| description: onParentComplete specifies how |
| subflow execution should behave when parent |
| workflow completes if invoke is 'async'. Defaults |
| to terminate. |
| enum: |
| - terminate |
| - continue |
| type: string |
| version: |
| description: Sub-workflow version |
| type: string |
| workflowId: |
| description: Sub-workflow unique id |
| type: string |
| required: |
| - workflowId |
| type: object |
| type: object |
| eventDataFilter: |
| description: Event data filter definition. |
| properties: |
| data: |
| description: Workflow expression that filters |
| the event data (payload). |
| type: string |
| toStateData: |
| description: Workflow expression that selects a |
| state data element to which the action results |
| should be added/merged into. If not specified |
| denotes the top-level state data element |
| type: string |
| useData: |
| description: If set to false, event payload is not |
| added/merged to state data. In this case 'data' |
| and 'toStateData' should be ignored. Default is |
| true. |
| type: boolean |
| type: object |
| eventRef: |
| description: References a unique callback event name |
| in the defined workflow events. |
| type: string |
| timeouts: |
| description: Time period to wait for incoming events |
| (ISO 8601 format) |
| properties: |
| actionExecTimeout: |
| description: Default single actions definition execution |
| timeout (ISO 8601 duration format) |
| type: string |
| eventTimeout: |
| description: Default timeout for consuming defined |
| events (ISO 8601 duration format) |
| type: string |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - action |
| - eventRef |
| type: object |
| compensatedBy: |
| description: Unique Name of a workflow state which is responsible |
| for compensation of this state. |
| type: string |
| delayState: |
| description: delayState Causes the workflow execution to |
| delay for a specified duration. |
| properties: |
| timeDelay: |
| description: Amount of time (ISO 8601 format) to delay |
| type: string |
| required: |
| - timeDelay |
| type: object |
| end: |
| description: State end definition. |
| x-kubernetes-preserve-unknown-fields: true |
| eventState: |
| description: event states await one or more events and perform |
| actions when they are received. If defined as the workflow |
| starting state, the event state definition controls when |
| the workflow instances should be created. |
| properties: |
| exclusive: |
| default: true |
| description: If true consuming one of the defined events |
| causes its associated actions to be performed. If |
| false all the defined events must be consumed in order |
| for actions to be performed. Defaults to true. |
| type: boolean |
| onEvents: |
| description: Define the events to be consumed and optional |
| actions to be performed. |
| items: |
| description: OnEvents define which actions are to be |
| performed for the one or more events. |
| properties: |
| actionMode: |
| default: sequential |
| description: Should actions be performed sequentially |
| or in parallel. Default is sequential. |
| enum: |
| - sequential |
| - parallel |
| type: string |
| actions: |
| description: Actions to be performed if expression |
| matches |
| items: |
| description: Action specify invocations of services |
| or other workflows during workflow execution. |
| properties: |
| actionDataFilter: |
| description: Filter the state data to select |
| only the data that can be used within |
| function definition arguments using its |
| fromStateData property. Filter the action |
| results to select only the result data |
| that should be added/merged back into |
| the state data using its results property. |
| Select the part of state data which the |
| action data results should be added/merged |
| to using the toStateData property. |
| properties: |
| fromStateData: |
| description: Workflow expression that |
| filters state data that can be used |
| by the action. |
| type: string |
| results: |
| description: Workflow expression that |
| filters the actions data results. |
| type: string |
| toStateData: |
| description: Workflow expression that |
| selects a state data element to which |
| the action results should be added/merged |
| into. If not specified denotes the |
| top-level state data element. |
| type: string |
| useResults: |
| description: If set to false, action |
| data results are not added/merged |
| to state data. In this case 'results' |
| and 'toStateData' should be ignored. |
| Default is true. |
| type: boolean |
| type: object |
| condition: |
| description: Expression, if defined, must |
| evaluate to true for this action to be |
| performed. If false, action is disregarded. |
| type: string |
| eventRef: |
| description: References a 'trigger' and |
| 'result' reusable event definitions. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: object |
| description: Add additional extension |
| context attributes to the produced |
| event. |
| type: object |
| data: |
| description: If string type, an expression |
| which selects parts of the states |
| data output to become the data (payload) |
| of the event referenced by triggerEventRef. |
| If object type, a custom object to |
| become the data (payload) of the event |
| referenced by triggerEventRef. |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function |
| should be invoked sync or async. Default |
| is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| resultEventRef: |
| description: Reference to the unique |
| name of a 'consumed' event definition |
| type: string |
| resultEventTimeout: |
| description: Maximum amount of time |
| (ISO 8601 format) to wait for the |
| result event. If not defined it will be |
| set to the actionExecutionTimeout |
| type: string |
| triggerEventRef: |
| description: Reference to the unique |
| name of a 'produced' event definition |
| type: string |
| required: |
| - resultEventRef |
| - triggerEventRef |
| type: object |
| functionRef: |
| description: References a reusable function |
| definition. |
| properties: |
| arguments: |
| additionalProperties: |
| type: object |
| description: 'Arguments (inputs) to |
| be passed to the referenced function |
| TODO: validate it as required if function |
| type is graphql' |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function |
| should be invoked sync or async. Default |
| is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| refName: |
| description: Name of the referenced |
| function. |
| type: string |
| selectionSet: |
| description: 'Used if function type |
| is graphql. String containing a valid |
| GraphQL selection set. TODO: validate |
| it as required if function type is |
| graphql' |
| type: string |
| required: |
| - refName |
| type: object |
| id: |
| description: Defines Unique action identifier. |
| type: string |
| name: |
| description: Defines Unique action name. |
| type: string |
| nonRetryableErrors: |
| description: List of unique references to |
| defined workflow errors for which the |
| action should not be retried. Used only |
| when `autoRetries` is set to `true` |
| items: |
| type: string |
| type: array |
| retryRef: |
| description: References a defined workflow |
| retry definition. If not defined uses |
| the default runtime retry definition. |
| type: string |
| retryableErrors: |
| description: List of unique references to |
| defined workflow errors for which the |
| action should be retried. Used only when |
| `autoRetries` is set to `false` |
| items: |
| type: string |
| type: array |
| sleep: |
| description: Defines time period workflow |
| execution should sleep before / after |
| function execution. |
| properties: |
| after: |
| description: Defines amount of time |
| (ISO 8601 duration format) to sleep |
| after function/subflow invocation. |
| Does not apply if 'eventRef' is defined. |
| type: string |
| before: |
| description: Defines amount of time |
| (ISO 8601 duration format) to sleep |
| before function/subflow invocation. |
| Does not apply if 'eventRef' is defined. |
| type: string |
| type: object |
| subFlowRef: |
| description: References a workflow to be |
| invoked. |
| properties: |
| invoke: |
| default: sync |
| description: Specifies if the subflow |
| should be invoked sync or async. Defaults |
| to sync. |
| enum: |
| - async |
| - sync |
| type: string |
| onParentComplete: |
| default: terminate |
| description: onParentComplete specifies |
| how subflow execution should behave |
| when parent workflow completes if |
| invoke is 'async'. Defaults to terminate. |
| enum: |
| - terminate |
| - continue |
| type: string |
| version: |
| description: Sub-workflow version |
| type: string |
| workflowId: |
| description: Sub-workflow unique id |
| type: string |
| required: |
| - workflowId |
| type: object |
| type: object |
| type: array |
| eventDataFilter: |
| description: eventDataFilter defines the callback |
| event data filter definition |
| properties: |
| data: |
| description: Workflow expression that filters |
| the event data (payload). |
| type: string |
| toStateData: |
| description: Workflow expression that selects |
| a state data element to which the action |
| results should be added/merged into. If |
| not specified denotes the top-level state |
| data element |
| type: string |
| useData: |
| description: If set to false, event payload |
| is not added/merged to state data. In this |
| case 'data' and 'toStateData' should be |
| ignored. Default is true. |
| type: boolean |
| type: object |
| eventRefs: |
| description: References one or more unique event |
| names in the defined workflow events. |
| items: |
| type: string |
| minItems: 1 |
| type: array |
| required: |
| - eventRefs |
| type: object |
| minItems: 1 |
| type: array |
| timeouts: |
| description: State specific timeouts. |
| properties: |
| actionExecTimeout: |
| description: Default single actions definition execution |
| timeout (ISO 8601 duration format) |
| type: string |
| eventTimeout: |
| description: Default timeout for consuming defined |
| events (ISO 8601 duration format) |
| type: string |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - onEvents |
| type: object |
| forEachState: |
| description: forEachState used to execute actions for each |
| element of a data set. |
| properties: |
| actions: |
| description: Actions to be executed for each of the |
| elements of inputCollection. |
| items: |
| description: Action specify invocations of services |
| or other workflows during workflow execution. |
| properties: |
| actionDataFilter: |
| description: Filter the state data to select only |
| the data that can be used within function definition |
| arguments using its fromStateData property. |
| Filter the action results to select only the |
| result data that should be added/merged back |
| into the state data using its results property. |
| Select the part of state data which the action |
| data results should be added/merged to using |
| the toStateData property. |
| properties: |
| fromStateData: |
| description: Workflow expression that filters |
| state data that can be used by the action. |
| type: string |
| results: |
| description: Workflow expression that filters |
| the actions data results. |
| type: string |
| toStateData: |
| description: Workflow expression that selects |
| a state data element to which the action |
| results should be added/merged into. If |
| not specified denotes the top-level state |
| data element. |
| type: string |
| useResults: |
| description: If set to false, action data |
| results are not added/merged to state data. |
| In this case 'results' and 'toStateData' |
| should be ignored. Default is true. |
| type: boolean |
| type: object |
| condition: |
| description: Expression, if defined, must evaluate |
| to true for this action to be performed. If |
| false, action is disregarded. |
| type: string |
| eventRef: |
| description: References a 'trigger' and 'result' |
| reusable event definitions. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: object |
| description: Add additional extension context |
| attributes to the produced event. |
| type: object |
| data: |
| description: If string type, an expression |
| which selects parts of the states data output |
| to become the data (payload) of the event |
| referenced by triggerEventRef. If object |
| type, a custom object to become the data |
| (payload) of the event referenced by triggerEventRef. |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| resultEventRef: |
| description: Reference to the unique name |
| of a 'consumed' event definition |
| type: string |
| resultEventTimeout: |
| description: Maximum amount of time (ISO 8601 |
| format) to wait for the result event. If |
| not defined it will be set to the actionExecutionTimeout |
| type: string |
| triggerEventRef: |
| description: Reference to the unique name |
| of a 'produced' event definition |
| type: string |
| required: |
| - resultEventRef |
| - triggerEventRef |
| type: object |
| functionRef: |
| description: References a reusable function definition. |
| properties: |
| arguments: |
| additionalProperties: |
| type: object |
| description: 'Arguments (inputs) to be passed |
| to the referenced function TODO: validate |
| it as required if function type is graphql' |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| refName: |
| description: Name of the referenced function. |
| type: string |
| selectionSet: |
| description: 'Used if function type is graphql. |
| String containing a valid GraphQL selection |
| set. TODO: validate it as required if function |
| type is graphql' |
| type: string |
| required: |
| - refName |
| type: object |
| id: |
| description: Defines Unique action identifier. |
| type: string |
| name: |
| description: Defines Unique action name. |
| type: string |
| nonRetryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should |
| not be retried. Used only when `autoRetries` |
| is set to `true` |
| items: |
| type: string |
| type: array |
| retryRef: |
| description: References a defined workflow retry |
| definition. If not defined uses the default |
| runtime retry definition. |
| type: string |
| retryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should |
| be retried. Used only when `autoRetries` is |
| set to `false` |
| items: |
| type: string |
| type: array |
| sleep: |
| description: Defines time period workflow execution |
| should sleep before / after function execution. |
| properties: |
| after: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep after function/subflow |
| invocation. Does not apply if 'eventRef' |
| is defined. |
| type: string |
| before: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep before function/subflow |
| invocation. Does not apply if 'eventRef' |
| is defined. |
| type: string |
| type: object |
| subFlowRef: |
| description: References a workflow to be invoked. |
| properties: |
| invoke: |
| default: sync |
| description: Specifies if the subflow should |
| be invoked sync or async. Defaults to sync. |
| enum: |
| - async |
| - sync |
| type: string |
| onParentComplete: |
| default: terminate |
| description: onParentComplete specifies how |
| subflow execution should behave when parent |
| workflow completes if invoke is 'async'. |
| Defaults to terminate. |
| enum: |
| - terminate |
| - continue |
| type: string |
| version: |
| description: Sub-workflow version |
| type: string |
| workflowId: |
| description: Sub-workflow unique id |
| type: string |
| required: |
| - workflowId |
| type: object |
| type: object |
| minItems: 0 |
| type: array |
| batchSize: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies how many iterations may run in |
| parallel at the same time. Used if mode property is |
| set to parallel (default). If not specified, its value |
| should be the size of the inputCollection. |
| x-kubernetes-int-or-string: true |
| inputCollection: |
| description: Workflow expression selecting an array |
| element of the states' data. |
| type: string |
| iterationParam: |
| description: Name of the iteration parameter that can |
| be referenced in actions/workflow. For each parallel |
| iteration, this param should contain a unique element |
| of the inputCollection array. |
| type: string |
| mode: |
| default: parallel |
| description: Specifies how iterations are to be performed |
| (sequential or in parallel), defaults to parallel. |
| enum: |
| - sequential |
| - parallel |
| type: string |
| outputCollection: |
| description: Workflow expression specifying an array |
| element of the states data to add the results of each |
| iteration. |
| type: string |
| timeouts: |
| description: State specific timeout. |
| properties: |
| actionExecTimeout: |
| description: Default single actions definition execution |
| timeout (ISO 8601 duration format) |
| type: string |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - inputCollection |
| type: object |
| id: |
| description: Unique State id. |
| type: string |
| injectState: |
| description: injectState used to inject static data into |
| state data input. |
| properties: |
| data: |
| additionalProperties: |
| type: object |
| description: JSON object which can be set as state's |
| data input and can be manipulated via filter |
| minProperties: 1 |
| type: object |
| timeouts: |
| description: State specific timeouts |
| properties: |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - data |
| type: object |
| metadata: |
| additionalProperties: |
| type: object |
| description: Metadata information. |
| type: object |
| name: |
| description: State name. |
| type: string |
| onErrors: |
| description: States error handling and retries definitions. |
| items: |
| description: OnError ... |
| properties: |
| end: |
| description: End workflow execution in case of this |
| error. If retryRef is defined, this ends workflow |
| only if retries were unsuccessful. |
| x-kubernetes-preserve-unknown-fields: true |
| errorRef: |
| description: ErrorRef Reference to a unique workflow |
| error definition. Used if errorRefs is not used |
| type: string |
| errorRefs: |
| description: ErrorRefs References one or more workflow |
| error definitions. Used if errorRef is not used |
| items: |
| type: string |
| type: array |
| transition: |
| description: Transition to next state to handle the |
| error. If retryRef is defined, this transition is |
| taken only if retries were unsuccessful. |
| x-kubernetes-preserve-unknown-fields: true |
| type: object |
| type: array |
| operationState: |
| description: operationState defines a set of actions to |
| be performed in sequence or in parallel. |
| properties: |
| actionMode: |
| default: sequential |
| description: Specifies whether actions are performed |
| in sequence or in parallel, defaults to sequential. |
| enum: |
| - sequential |
| - parallel |
| type: string |
| actions: |
| description: Actions to be performed |
| items: |
| description: Action specify invocations of services |
| or other workflows during workflow execution. |
| properties: |
| actionDataFilter: |
| description: Filter the state data to select only |
| the data that can be used within function definition |
| arguments using its fromStateData property. |
| Filter the action results to select only the |
| result data that should be added/merged back |
| into the state data using its results property. |
| Select the part of state data which the action |
| data results should be added/merged to using |
| the toStateData property. |
| properties: |
| fromStateData: |
| description: Workflow expression that filters |
| state data that can be used by the action. |
| type: string |
| results: |
| description: Workflow expression that filters |
| the actions data results. |
| type: string |
| toStateData: |
| description: Workflow expression that selects |
| a state data element to which the action |
| results should be added/merged into. If |
| not specified denotes the top-level state |
| data element. |
| type: string |
| useResults: |
| description: If set to false, action data |
| results are not added/merged to state data. |
| In this case 'results' and 'toStateData' |
| should be ignored. Default is true. |
| type: boolean |
| type: object |
| condition: |
| description: Expression, if defined, must evaluate |
| to true for this action to be performed. If |
| false, action is disregarded. |
| type: string |
| eventRef: |
| description: References a 'trigger' and 'result' |
| reusable event definitions. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: object |
| description: Add additional extension context |
| attributes to the produced event. |
| type: object |
| data: |
| description: If string type, an expression |
| which selects parts of the states data output |
| to become the data (payload) of the event |
| referenced by triggerEventRef. If object |
| type, a custom object to become the data |
| (payload) of the event referenced by triggerEventRef. |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| resultEventRef: |
| description: Reference to the unique name |
| of a 'consumed' event definition |
| type: string |
| resultEventTimeout: |
| description: Maximum amount of time (ISO 8601 |
| format) to wait for the result event. If |
| not defined it will be set to the actionExecutionTimeout |
| type: string |
| triggerEventRef: |
| description: Reference to the unique name |
| of a 'produced' event definition |
| type: string |
| required: |
| - resultEventRef |
| - triggerEventRef |
| type: object |
| functionRef: |
| description: References a reusable function definition. |
| properties: |
| arguments: |
| additionalProperties: |
| type: object |
| description: 'Arguments (inputs) to be passed |
| to the referenced function TODO: validate |
| it as required if function type is graphql' |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function should |
| be invoked sync or async. Default is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| refName: |
| description: Name of the referenced function. |
| type: string |
| selectionSet: |
| description: 'Used if function type is graphql. |
| String containing a valid GraphQL selection |
| set. TODO: validate it as required if function |
| type is graphql' |
| type: string |
| required: |
| - refName |
| type: object |
| id: |
| description: Defines Unique action identifier. |
| type: string |
| name: |
| description: Defines Unique action name. |
| type: string |
| nonRetryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should |
| not be retried. Used only when `autoRetries` |
| is set to `true` |
| items: |
| type: string |
| type: array |
| retryRef: |
| description: References a defined workflow retry |
| definition. If not defined uses the default |
| runtime retry definition. |
| type: string |
| retryableErrors: |
| description: List of unique references to defined |
| workflow errors for which the action should |
| be retried. Used only when `autoRetries` is |
| set to `false` |
| items: |
| type: string |
| type: array |
| sleep: |
| description: Defines time period workflow execution |
| should sleep before / after function execution. |
| properties: |
| after: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep after function/subflow |
| invocation. Does not apply if 'eventRef' |
| is defined. |
| type: string |
| before: |
| description: Defines amount of time (ISO 8601 |
| duration format) to sleep before function/subflow |
| invocation. Does not apply if 'eventRef' |
| is defined. |
| type: string |
| type: object |
| subFlowRef: |
| description: References a workflow to be invoked. |
| properties: |
| invoke: |
| default: sync |
| description: Specifies if the subflow should |
| be invoked sync or async. Defaults to sync. |
| enum: |
| - async |
| - sync |
| type: string |
| onParentComplete: |
| default: terminate |
| description: onParentComplete specifies how |
| subflow execution should behave when parent |
| workflow completes if invoke is 'async'. |
| Defaults to terminate. |
| enum: |
| - terminate |
| - continue |
| type: string |
| version: |
| description: Sub-workflow version |
| type: string |
| workflowId: |
| description: Sub-workflow unique id |
| type: string |
| required: |
| - workflowId |
| type: object |
| type: object |
| minItems: 0 |
| type: array |
| timeouts: |
| description: State specific timeouts |
| properties: |
| actionExecTimeout: |
| description: Default single actions definition execution |
| timeout (ISO 8601 duration format) |
| type: string |
| stateExecTimeout: |
| description: Defines workflow state execution timeout. |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - actions |
| type: object |
| parallelState: |
| description: parallelState Consists of a number of states |
| that are executed in parallel. |
| properties: |
| branches: |
| description: List of branches for this parallel state. |
| items: |
| description: Branch Definition |
| properties: |
| actions: |
| description: Actions to be executed in this branch |
| items: |
| description: Action specify invocations of services |
| or other workflows during workflow execution. |
| properties: |
| actionDataFilter: |
| description: Filter the state data to select |
| only the data that can be used within |
| function definition arguments using its |
| fromStateData property. Filter the action |
| results to select only the result data |
| that should be added/merged back into |
| the state data using its results property. |
| Select the part of state data which the |
| action data results should be added/merged |
| to using the toStateData property. |
| properties: |
| fromStateData: |
| description: Workflow expression that |
| filters state data that can be used |
| by the action. |
| type: string |
| results: |
| description: Workflow expression that |
| filters the actions data results. |
| type: string |
| toStateData: |
| description: Workflow expression that |
| selects a state data element to which |
| the action results should be added/merged |
| into. If not specified denotes the |
| top-level state data element. |
| type: string |
| useResults: |
| description: If set to false, action |
| data results are not added/merged |
| to state data. In this case 'results' |
| and 'toStateData' should be ignored. |
| Default is true. |
| type: boolean |
| type: object |
| condition: |
| description: Expression, if defined, must |
| evaluate to true for this action to be |
| performed. If false, action is disregarded. |
| type: string |
| eventRef: |
| description: References a 'trigger' and |
| 'result' reusable event definitions. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: object |
| description: Add additional extension |
| context attributes to the produced |
| event. |
| type: object |
| data: |
| description: If string type, an expression |
| which selects parts of the states |
| data output to become the data (payload) |
| of the event referenced by triggerEventRef. |
| If object type, a custom object to |
| become the data (payload) of the event |
| referenced by triggerEventRef. |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function |
| should be invoked sync or async. Default |
| is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| resultEventRef: |
| description: Reference to the unique |
| name of a 'consumed' event definition |
| type: string |
| resultEventTimeout: |
| description: Maximum amount of time |
| (ISO 8601 format) to wait for the |
| result event. If not defined it will be |
| set to the actionExecutionTimeout |
| type: string |
| triggerEventRef: |
| description: Reference to the unique |
| name of a 'produced' event definition |
| type: string |
| required: |
| - resultEventRef |
| - triggerEventRef |
| type: object |
| functionRef: |
| description: References a reusable function |
| definition. |
| properties: |
| arguments: |
| additionalProperties: |
| type: object |
| description: 'Arguments (inputs) to |
| be passed to the referenced function |
| TODO: validate it as required if function |
| type is graphql' |
| type: object |
| invoke: |
| default: sync |
| description: Specifies if the function |
| should be invoked sync or async. Default |
| is sync. |
| enum: |
| - async |
| - sync |
| type: string |
| refName: |
| description: Name of the referenced |
| function. |
| type: string |
| selectionSet: |
| description: 'Used if function type |
| is graphql. String containing a valid |
| GraphQL selection set. TODO: validate |
| it as required if function type is |
| graphql' |
| type: string |
| required: |
| - refName |
| type: object |
| id: |
| description: Defines Unique action identifier. |
| type: string |
| name: |
| description: Defines Unique action name. |
| type: string |
| nonRetryableErrors: |
| description: List of unique references to |
| defined workflow errors for which the |
| action should not be retried. Used only |
| when `autoRetries` is set to `true` |
| items: |
| type: string |
| type: array |
| retryRef: |
| description: References a defined workflow |
| retry definition. If not defined uses |
| the default runtime retry definition. |
| type: string |
| retryableErrors: |
| description: List of unique references to |
| defined workflow errors for which the |
| action should be retried. Used only when |
| `autoRetries` is set to `false` |
| items: |
| type: string |
| type: array |
| sleep: |
| description: Defines time period workflow |
| execution should sleep before / after |
| function execution. |
| properties: |
| after: |
| description: Defines amount of time |
| (ISO 8601 duration format) to sleep |
| after function/subflow invocation. |
| Does not apply if 'eventRef' is defined. |
| type: string |
| before: |
| description: Defines amount of time |
| (ISO 8601 duration format) to sleep |
| before function/subflow invocation. |
| Does not apply if 'eventRef' is defined. |
| type: string |
| type: object |
| subFlowRef: |
| description: References a workflow to be |
| invoked. |
| properties: |
| invoke: |
| default: sync |
| description: Specifies if the subflow |
| should be invoked sync or async. Defaults |
| to sync. |
| enum: |
| - async |
| - sync |
| type: string |
| onParentComplete: |
| default: terminate |
| description: onParentComplete specifies |
| how subflow execution should behave |
| when parent workflow completes if |
| invoke is 'async'. Defaults to terminate. |
| enum: |
| - terminate |
| - continue |
| type: string |
| version: |
| description: Sub-workflow version |
| type: string |
| workflowId: |
| description: Sub-workflow unique id |
| type: string |
| required: |
| - workflowId |
| type: object |
| type: object |
| minItems: 1 |
| type: array |
| name: |
| description: Branch name |
| type: string |
| timeouts: |
| description: Branch specific timeout settings |
| properties: |
| actionExecTimeout: |
| description: Single actions definition execution |
| timeout duration (ISO 8601 duration format) |
| type: string |
| branchExecTimeout: |
| description: Single branch execution timeout |
| duration (ISO 8601 duration format) |
| type: string |
| type: object |
| required: |
| - actions |
| - name |
| type: object |
| minItems: 1 |
| type: array |
| completionType: |
| default: allOf |
| description: Option types on how to complete branch |
| execution. Defaults to `allOf`. |
| enum: |
| - allOf |
| - atLeast |
| type: string |
| numCompleted: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'Used when branchCompletionType is set |
| to atLeast to specify the least number of branches |
| that must complete in order for the state to transition/end. |
| TODO: change this field to unmarshal result as int' |
| x-kubernetes-int-or-string: true |
| timeouts: |
| description: State specific timeouts |
| properties: |
| branchExecTimeout: |
| description: Default single branch execution timeout |
| (ISO 8601 duration format) |
| type: string |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - branches |
| type: object |
| sleepState: |
| description: sleepState suspends workflow execution for |
| a given time duration. |
| properties: |
| duration: |
| description: Duration (ISO 8601 duration format) to |
| sleep |
| type: string |
| timeouts: |
| description: Timeouts State specific timeouts |
| properties: |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - duration |
| type: object |
| stateDataFilter: |
| description: State data filter. |
| properties: |
| input: |
| description: Workflow expression to filter the state |
| data input |
| type: string |
| output: |
| description: Workflow expression that filters the state |
| data output |
| type: string |
| type: object |
| switchState: |
| description: 'switchState is workflow''s gateways: direct |
| transitions of a workflow based on certain conditions.' |
| properties: |
| dataConditions: |
| description: Defines conditions evaluated against data |
| items: |
| description: DataCondition specify a data-based condition |
| statement which causes a transition to another workflow |
| state if evaluated to true. |
| properties: |
| condition: |
| description: Workflow expression evaluated against |
| state data. Must evaluate to true or false. |
| type: string |
| end: |
| description: TODO End or Transition needs to be |
| exclusive tag, one or another should be set. |
| Explicit transition to end |
| properties: |
| compensate: |
| description: If set to true, triggers workflow |
| compensation before workflow execution completes. |
| Default is false. |
| type: boolean |
| continueAs: |
| description: Defines that current workflow |
| execution should stop, and execution should |
| continue as a new workflow instance of the |
| provided id |
| properties: |
| data: |
| description: If string type, an expression |
| which selects parts of the states data |
| output to become the workflow data input |
| of continued execution. If object type, |
| a custom object to become the workflow |
| data input of the continued execution |
| type: object |
| version: |
| description: Version of the workflow to |
| continue execution as. |
| type: string |
| workflowExecTimeout: |
| description: WorkflowExecTimeout Workflow |
| execution timeout to be used by the |
| workflow continuing execution. Overwrites |
| any specific settings set by that workflow |
| properties: |
| duration: |
| default: unlimited |
| description: Workflow execution timeout |
| duration (ISO 8601 duration format). |
| If not specified should be 'unlimited'. |
| type: string |
| interrupt: |
| description: If false, workflow instance |
| is allowed to finish current execution. |
| If true, current workflow execution |
| is stopped immediately. Default |
| is false. |
| type: boolean |
| runBefore: |
| description: Name of a workflow state |
| to be executed before workflow instance |
| is terminated. |
| type: string |
| required: |
| - duration |
| type: object |
| workflowId: |
| description: Unique id of the workflow |
| to continue execution as. |
| type: string |
| required: |
| - workflowId |
| type: object |
| produceEvents: |
| description: Array of producedEvent definitions. |
| Defines events that should be produced. |
| items: |
| description: ProduceEvent Defines the event |
| (CloudEvent format) to be produced when |
| workflow execution completes or during |
| a workflow transitions. The eventRef property |
| must match the name of one of the defined |
| produced events in the events definition. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: string |
| description: Add additional event extension |
| context attributes. |
| type: object |
| data: |
| description: If String, expression which |
| selects parts of the states data output |
| to become the data of the produced |
| event. If object a custom object to |
| become the data of produced event. |
| type: object |
| eventRef: |
| description: Reference to a defined |
| unique event name in the events definition |
| type: string |
| required: |
| - eventRef |
| type: object |
| type: array |
| terminate: |
| description: If true, completes all execution |
| flows in the given workflow instance. |
| type: boolean |
| type: object |
| metadata: |
| additionalProperties: |
| type: object |
| description: Metadata information. |
| type: object |
| name: |
| description: Data condition name. |
| type: string |
| transition: |
| description: Workflow transition if condition |
| is evaluated to true |
| properties: |
| compensate: |
| default: false |
| description: If set to true, triggers workflow |
| compensation before this transition is taken. |
| Default is false. |
| type: boolean |
| nextState: |
| description: Name of the state to transition |
| to next. |
| type: string |
| produceEvents: |
| description: Array of producedEvent definitions. |
| Events to be produced before the transition |
| takes place. |
| items: |
| description: ProduceEvent Defines the event |
| (CloudEvent format) to be produced when |
| workflow execution completes or during |
| a workflow transitions. The eventRef property |
| must match the name of one of the defined |
| produced events in the events definition. |
| properties: |
| contextAttributes: |
| additionalProperties: |
| type: string |
| description: Add additional event extension |
| context attributes. |
| type: object |
| data: |
| description: If String, expression which |
| selects parts of the states data output |
| to become the data of the produced |
| event. If object a custom object to |
| become the data of produced event. |
| type: object |
| eventRef: |
| description: Reference to a defined |
| unique event name in the events definition |
| type: string |
| required: |
| - eventRef |
| type: object |
| type: array |
| required: |
| - nextState |
| type: object |
| required: |
| - condition |
| - end |
| type: object |
| type: array |
| defaultCondition: |
| description: Default transition of the workflow if there |
| is no matching data conditions. Can include a transition |
| or end definition. |
| properties: |
| end: |
| description: If this state is an end state |
| x-kubernetes-preserve-unknown-fields: true |
| transition: |
| description: Serverless workflow states can have |
| one or more incoming and outgoing transitions |
| (from/to other states). Each state can define |
| a transition definition that is used to determine |
| which state to transition to next. |
| x-kubernetes-preserve-unknown-fields: true |
| type: object |
| eventConditions: |
| description: Defines conditions evaluated against events. |
| items: |
| description: EventCondition specify events which the |
| switch state must wait for. |
| properties: |
| end: |
| description: TODO End or Transition needs to be |
| exclusive tag, one or another should be set. |
| Explicit transition to end |
| x-kubernetes-preserve-unknown-fields: true |
| eventDataFilter: |
| description: Event data filter definition. |
| properties: |
| data: |
| description: Workflow expression that filters |
| the event data (payload). |
| type: string |
| toStateData: |
| description: Workflow expression that selects |
| a state data element to which the action |
| results should be added/merged into. If |
| not specified denotes the top-level state |
| data element |
| type: string |
| useData: |
| description: If set to false, event payload |
| is not added/merged to state data. In this |
| case 'data' and 'toStateData' should be |
| ignored. Default is true. |
| type: boolean |
| type: object |
| eventRef: |
| description: References a unique event name in |
| the defined workflow events. |
| type: string |
| metadata: |
| description: Metadata information. |
| x-kubernetes-preserve-unknown-fields: true |
| name: |
| description: Event condition name. |
| type: string |
| transition: |
| description: Workflow transition if condition |
| is evaluated to true |
| x-kubernetes-preserve-unknown-fields: true |
| required: |
| - eventRef |
| type: object |
| type: array |
| timeouts: |
| description: SwitchState specific timeouts |
| properties: |
| eventTimeout: |
| description: 'Specifies the expiry value after which the state |
| transitions to defaultCondition when event-based conditions |
| do not arrive. NOTE: this is only available for |
| EventConditions' |
| type: string |
| stateExecTimeout: |
| description: Default workflow state execution timeout |
| (ISO 8601 duration format) |
| properties: |
| single: |
| description: Single state execution timeout, |
| not including retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, |
| including retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| type: object |
| required: |
| - defaultCondition |
| type: object |
| transition: |
| description: Next transition of the workflow after the time |
| delay. |
| x-kubernetes-preserve-unknown-fields: true |
| type: |
| description: stateType can be any of delay, callback, event, |
| foreach, inject, operation, parallel, sleep, switch |
| enum: |
| - delay |
| - callback |
| - event |
| - foreach |
| - inject |
| - operation |
| - parallel |
| - sleep |
| - switch |
| type: string |
| usedForCompensation: |
| description: If true, this state is used to compensate another |
| state. Default is false. |
| type: boolean |
| required: |
| - name |
| - type |
| type: object |
| minItems: 1 |
| type: array |
| x-kubernetes-preserve-unknown-fields: true |
| timeouts: |
| description: Defines the workflow default timeout settings. |
| properties: |
| actionExecTimeout: |
| description: ActionExecTimeout Single actions definition execution |
| timeout duration (ISO 8601 duration format). |
| type: string |
| branchExecTimeout: |
| description: BranchExecTimeout Single branch execution timeout |
| duration (ISO 8601 duration format). |
| type: string |
| eventTimeout: |
| description: EventTimeout Timeout duration to wait for consuming |
| defined events (ISO 8601 duration format). |
| type: string |
| stateExecTimeout: |
| description: StateExecTimeout Total state execution timeout |
| (including retries) (ISO 8601 duration format). |
| properties: |
| single: |
| description: Single state execution timeout, not including |
| retries (ISO 8601 duration format) |
| type: string |
| total: |
| description: Total state execution timeout, including |
| retries (ISO 8601 duration format) |
| type: string |
| required: |
| - total |
| type: object |
| workflowExecTimeout: |
| description: WorkflowExecTimeout Workflow execution timeout |
| duration (ISO 8601 duration format). If not specified should |
| be 'unlimited'. |
| properties: |
| duration: |
| default: unlimited |
| description: Workflow execution timeout duration (ISO |
| 8601 duration format). If not specified should be 'unlimited'. |
| type: string |
| interrupt: |
| description: If false, workflow instance is allowed to |
| finish current execution. If true, current workflow |
| execution is stopped immediately. Default is false. |
| type: boolean |
| runBefore: |
| description: Name of a workflow state to be executed before |
| workflow instance is terminated. |
| type: string |
| required: |
| - duration |
| type: object |
| type: object |
| required: |
| - states |
| type: object |
| podTemplate: |
| description: PodTemplate describes the deployment details of this |
| SonataFlow instance. |
| properties: |
| activeDeadlineSeconds: |
| description: Optional duration in seconds the pod may be active |
| on the node relative to StartTime before the system will actively |
| try to mark it failed and kill associated containers. Value |
| must be a positive integer. |
| format: int64 |
| type: integer |
| affinity: |
| description: If specified, the pod's scheduling constraints |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules for |
| the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule pods |
| to nodes that satisfy the affinity expressions specified |
| by this field, but it may choose a node that violates |
| one or more of the expressions. The node that is most |
| preferred is the one with the greatest sum of weights, |
| i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by iterating |
| through the elements of this field and adding "weight" |
| to the sum if the node matches the corresponding matchExpressions; |
| the node(s) with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term matches |
| all objects with implicit weight 0 (i.e. it's a no-op). |
| A null preferred scheduling term matches no objects |
| (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated with |
| the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement is |
| a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: The label key that the selector |
| applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist, |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, the |
| values array must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be empty. If the |
| operator is Gt or Lt, the values array |
| must have a single element, which will |
| be interpreted as an integer. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement is |
| a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: The label key that the selector |
| applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist, |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, the |
| values array must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be empty. If the |
| operator is Gt or Lt, the values array |
| must have a single element, which will |
| be interpreted as an integer. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching the |
| corresponding nodeSelectorTerm, in the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified by |
| this field are not met at scheduling time, the pod will |
| not be scheduled onto the node. If the affinity requirements |
| specified by this field cease to be met at some point |
| during pod execution (e.g. due to an update), the system |
| may or may not try to eventually evict the pod from |
| its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector terms. |
| The terms are ORed. |
| items: |
| description: A null or empty node selector term |
| matches no objects. The requirements of them are |
| ANDed. The TopologySelectorTerm type implements |
| a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement is |
| a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: The label key that the selector |
| applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist, |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, the |
| values array must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be empty. If the |
| operator is Gt or Lt, the values array |
| must have a single element, which will |
| be interpreted as an integer. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement is |
| a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: The label key that the selector |
| applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist, |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, the |
| values array must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be empty. If the |
| operator is Gt or Lt, the values array |
| must have a single element, which will |
| be interpreted as an integer. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules (e.g. |
| co-locate this pod in the same node, zone, etc. as some |
| other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule pods |
| to nodes that satisfy the affinity expressions specified |
| by this field, but it may choose a node that violates |
| one or more of the expressions. The node that is most |
| preferred is the one with the greatest sum of weights, |
| i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by iterating |
| through the elements of this field and adding "weight" |
| to the sum if the node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest sum are |
| the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, associated |
| with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching the |
| corresponding podAffinityTerm, in the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified by |
| this field are not met at scheduling time, the pod will |
| not be scheduled onto the node. If the affinity requirements |
| specified by this field cease to be met at some point |
| during pod execution (e.g. due to a pod label update), |
| the system may or may not try to eventually evict the |
| pod from its node. When there are multiple elements, |
| the lists of nodes corresponding to each podAffinityTerm |
| are intersected, i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those matching |
| the labelSelector relative to the given namespace(s)) |
| that this pod should be co-located (affinity) or not |
| co-located (anti-affinity) with, where co-located |
| is defined as running on a node whose value of the |
| label with key <topologyKey> matches that of any node |
| on which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by this |
| field and the ones listed in the namespaces field. |
| null selector and null or empty namespaces list |
| means "this pod's namespace". An empty selector |
| ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. The |
| term is applied to the union of the namespaces |
| listed in this field and the ones selected by |
| namespaceSelector. null or empty namespaces list |
| and null namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the pods |
| matching the labelSelector in the specified namespaces, |
| where co-located is defined as running on a node |
| whose value of the label with key topologyKey |
| matches that of any node on which any of the selected |
| pods is running. Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling rules |
| (e.g. avoid putting this pod in the same node, zone, etc. |
| as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule pods |
| to nodes that satisfy the anti-affinity expressions |
| specified by this field, but it may choose a node that |
| violates one or more of the expressions. The node that |
| is most preferred is the one with the greatest sum of |
| weights, i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| anti-affinity expressions, etc.), compute a sum by iterating |
| through the elements of this field and adding "weight" |
| to the sum if the node has pods which match the corresponding |
| podAffinityTerm; the node(s) with the highest sum are |
| the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, associated |
| with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching the |
| corresponding podAffinityTerm, in the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements specified |
| by this field are not met at scheduling time, the pod |
| will not be scheduled onto the node. If the anti-affinity |
| requirements specified by this field cease to be met |
| at some point during pod execution (e.g. due to a pod |
| label update), the system may or may not try to eventually |
| evict the pod from its node. When there are multiple |
| elements, the lists of nodes corresponding to each podAffinityTerm |
| are intersected, i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those matching |
| the labelSelector relative to the given namespace(s)) |
| that this pod should be co-located (affinity) or not |
| co-located (anti-affinity) with, where co-located |
| is defined as running on a node whose value of the |
| label with key <topologyKey> matches that of any node |
| on which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by this |
| field and the ones listed in the namespaces field. |
| null selector and null or empty namespaces list |
| means "this pod's namespace". An empty selector |
| ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. The |
| term is applied to the union of the namespaces |
| listed in this field and the ones selected by |
| namespaceSelector. null or empty namespaces list |
| and null namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the pods |
| matching the labelSelector in the specified namespaces, |
| where co-located is defined as running on a node |
| whose value of the label with key topologyKey |
| matches that of any node on which any of the selected |
| pods is running. Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
# NOTE(review): this schema declares no default for the field, so the
# effective behaviour when it is omitted is decided outside this schema -
# confirm what the operator applies. Workloads that never call the Kubernetes
# API can set it to false so that no service account token is mounted.
| automountServiceAccountToken: |
| description: AutomountServiceAccountToken indicates whether a |
| service account token should be automatically mounted. |
| type: boolean |
| container: |
| description: Container is the Kubernetes container where the application |
| should run. One can change this attribute in order to override |
| the defaults provided by the operator. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container image''s |
| CMD is used if this is not provided. Variable references |
| $(VAR_NAME) are expanded using the container''s environment. |
| If a variable cannot be resolved, the reference in the input |
| string will be unchanged. Double $$ are reduced to a single |
| $, which allows for escaping the $(VAR_NAME) syntax: i.e. |
| "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless of |
| whether the variable exists or not. Cannot be updated. More |
| info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within a shell. |
| The container image''s ENTRYPOINT is used if this is not |
| provided. Variable references $(VAR_NAME) are expanded using |
| the container''s environment. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references will |
| never be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in the container. |
| Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable present |
| in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are expanded |
| using the previously defined environment variables |
| in the container and any service environment variables. |
| If a variable cannot be resolved, the reference in |
| the input string will be unchanged. Double $$ are |
| reduced to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's value. |
| Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
# NOTE(review): the Secret is looked up in the pod's own namespace (see the
# description below) and the selected value is placed in the container's
# environment, where anything able to read the process environment can see
# it. Where the application supports it, a mounted Secret volume is the usual
# alternative to an environment variable.
| secretKeyRef: |
| description: Selects a key of a secret in the pod's |
| namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its |
| key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment variables |
| in the container. The keys defined within a source must |
| be a C_IDENTIFIER. All invalid keys will be reported as |
| an event when the container is starting. When a key exists |
| in multiple sources, the value associated with the last |
| source will take precedence. Values defined by an Env with |
| a duplicate key will take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of a set |
| of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend to each |
| key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config management |
| to default or override container images in workload controllers |
| like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, IfNotPresent. |
| Defaults to Always if :latest tag is specified, or IfNotPresent |
| otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should take |
| in response to container lifecycle events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after a |
| container is created. If the handler fails, the container |
| is terminated and restarted according to its restart |
| policy. Other management of the container blocks until |
| the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There is no validation of this field |
| and lifecycle hooks will fail at runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before a container |
| is terminated due to an API request or management event |
| such as liveness/startup probe failure, preemption, |
| resource contention, etc. The handler is not called |
| if the container crashes or exits. The Pod''s termination |
| grace period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the handler, |
| the container will eventually terminate within the Pod''s |
| termination grace period (unless delayed by finalizers). |
| Other management of the container blocks until the hook |
| completes or until the termination grace period is reached. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There is no validation of this field |
| and lifecycle hooks will fail at runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. Container |
| will be restarted if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| ports: |
| description: List of ports to expose from the container. Not |
| specifying a port here DOES NOT prevent that port from being |
| exposed. Any port which is listening on the default "0.0.0.0" |
| address inside a container will be accessible from the network. |
| Modifying this array with strategic merge patch may corrupt |
| the data. For more information see https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port in |
| a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's IP |
| address. This must be a valid port number, 0 < x < |
| 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external port |
| to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. If |
| specified, this must be a valid port number, 0 < x |
| < 65536. If HostNetwork is specified, this must match |
| ContainerPort. Most containers do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in a pod |
| must have a unique name. Name for the port that can |
| be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, or |
| SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if the |
| probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource resize |
| policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this resource |
| resize policy applies. Supported values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields of |
| SecurityContext override the equivalent fields of PodSecurityContext. |
| More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls whether |
| a process can gain more privileges than its parent process. |
| This bool directly controls if the no_new_privs flag |
| will be set on the container process. AllowPrivilegeEscalation |
| is always true when the container: 1) is run as Privileged, |
| 2) has CAP_SYS_ADMIN. Note that this field cannot be |
| set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this field |
| cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represents the POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represents the POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc mount |
| to use for the containers. The default is DefaultProcMount |
| which uses the container runtime defaults for readonly |
| paths and masked paths. This requires the ProcMountType |
| feature flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only root |
| filesystem. Default is false. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as |
| a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not run |
| as UID 0 (root) and fail to start the container if it |
| does. If unset or false, no such validation will be |
| performed. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata |
| if unspecified. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to the |
| container. If unspecified, the container runtime will |
| allocate a random SELinux context for each container. May |
| also be set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to be used by this container. |
| If seccomp options are provided at both the pod & container |
| level, the container options override the pod options. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. The |
| profile must be preconfigured on the node to work. |
| Must be a descending path, relative to the kubelet's |
| configured seccomp profile location. Must only be |
| set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: \n Localhost |
| - a profile defined in a file on the node should |
| be used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined - no |
| profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied to |
| all containers. If unspecified, the options from the |
| PodSecurityContext will be used. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec |
| named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name of |
| the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. This |
| field is alpha-level and will only be honored by |
| components that enable the WindowsHostProcessContainers |
| feature flag. Setting this field without the feature |
| flag will result in errors when validating the Pod. |
| All of a Pod's containers must have the same effective |
| HostProcess value (it is not allowed to have a mix |
| of HostProcess containers and non-HostProcess containers). In |
| addition, if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the entrypoint |
| of the container process. Defaults to the user specified |
| in image metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has successfully |
| initialized. If specified, no other probes are executed |
| until this completes successfully. If this probe fails, |
| the Pod will be restarted, just as if the livenessProbe |
| failed. This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it might take |
| a long time to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate a buffer |
| for stdin in the container runtime. If this is not set, |
| reads from stdin in the container will always result in |
| EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close the |
| stdin channel after it has been opened by a single attach. |
| When stdin is true the stdin stream will remain open across |
| multiple attach sessions. If stdinOnce is set to true, stdin |
| is opened on container start, is empty until the first client |
| attaches to stdin, and then remains open and accepts data |
| until the client disconnects, at which time stdin is closed |
| and remains closed until the container is restarted. If |
| this flag is false, a container process that reads from |
| stdin will never receive an EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which the |
| container''s termination message will be written is mounted |
| into the container''s filesystem. Message written is intended |
| to be brief final status, such as an assertion failure message. |
| Will be truncated by the node if greater than 4096 bytes. |
| The total message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should be |
| populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last chunk |
| of container log output if the termination message file |
| is empty and the container exited with an error. The log |
| output is limited to 2048 bytes or 80 lines, whichever is |
| smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate a TTY |
| for itself, also requires 'stdin' to be true. Default is |
| false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices to |
| be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a raw block |
| device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of the container |
| that the device will be mapped to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's filesystem. |
| Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a Volume |
| within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which the |
| volume should be mounted. Must not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and the |
| other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write otherwise |
| (false or unspecified). Defaults to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the container's |
| volume should be mounted. Defaults to "" (volume's |
| root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from which |
| the container's volume should be mounted. Behaves |
| similarly to SubPath but environment variable references |
| $(VAR_NAME) are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| type: object |
| containers: |
| description: List of containers belonging to the pod. Containers |
| cannot currently be added or removed. There must be at least |
| one container in a Pod. Cannot be updated. |
| items: |
| description: A single application container that you want to |
| run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the reference |
| in the input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never be expanded, |
| regardless of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within a shell. |
| The container image''s ENTRYPOINT is used if this is not |
| provided. Variable references $(VAR_NAME) are expanded |
| using the container''s environment. If a variable cannot |
| be resolved, the reference in the input string will be |
| unchanged. Double $$ are reduced to a single $, which |
| allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of whether |
| the variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in the |
| container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are |
| expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Defaults to |
| "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for |
| volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the |
| pod's namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment variables |
| in the container. The keys defined within a source must |
| be a C_IDENTIFIER. All invalid keys will be reported as |
| an event when the container is starting. When a key exists |
| in multiple sources, the value associated with the last |
| source will take precedence. Values defined by an Env |
| with a duplicate key will take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of a |
| set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend to |
| each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config management |
| to default or override container images in workload controllers |
| like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, IfNotPresent. |
| Defaults to Always if :latest tag is specified, or IfNotPresent |
| otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should take |
| in response to container lifecycle events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, the |
| container is terminated and restarted according to |
| its restart policy. Other management of the container |
| blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and is kept for backward |
| compatibility. There is no validation of this |
| field, and lifecycle hooks will fail at runtime |
| when a tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before a |
| container is terminated due to an API request or management |
| event such as liveness/startup probe failure, preemption, |
| resource contention, etc. The handler is not called |
| if the container crashes or exits. The Pod''s termination |
| grace period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the handler, |
| the container will eventually terminate within the |
| Pod''s termination grace period (unless delayed by |
| finalizers). Other management of the container blocks |
| until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and is kept for backward |
| compatibility. There is no validation of this |
| field, and lifecycle hooks will fail at runtime |
| when a tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. Container |
| will be restarted if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on the |
| default "0.0.0.0" address inside a container will be accessible |
| from the network. Modifying this array with strategic |
| merge patch may corrupt the data. For more information |
| See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port in |
| a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, 0 |
| < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external port |
| to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, this |
| must match ContainerPort. Most containers do not |
| need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in a |
| pod must have a unique name. Name for the port that |
| can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if the |
| probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this resource |
| resize policy applies. Supported values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in |
| PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where |
| this field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of |
| compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is omitted |
| for a container, it defaults to Limits if that is |
| explicitly specified, otherwise to an implementation-defined |
| value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields of |
| SecurityContext override the equivalent fields of PodSecurityContext. |
| More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls whether |
| a process can gain more privileges than its parent |
| process. This bool directly controls if the no_new_privs |
| flag will be set on the container process. AllowPrivilegeEscalation |
| is always true when the container: 1) is run as Privileged; |
| 2) has CAP_SYS_ADMIN. Note that this field cannot be |
| set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this field |
| cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc mount |
| to use for the containers. The default is DefaultProcMount |
| which uses the container runtime defaults for readonly |
| paths and masked paths. This requires the ProcMountType |
| feature flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as |
| a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not run |
| as UID 0 (root) and fail to start the container if |
| it does. If unset or false, no such validation will |
| be performed. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata |
| if unspecified. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to the |
| container. If unspecified, the container runtime will |
| allocate a random SELinux context for each container. May |
| also be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence. Note |
| that this field cannot be set when spec.os.name is |
| windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this container. |
| If seccomp options are provided at both the pod & |
| container level, the container options override the |
| pod options. Note that this field cannot be set when |
| spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative to |
| the kubelet's configured seccomp profile location. |
| Must only be set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: \n |
| Localhost - a profile defined in a file on the |
| node should be used. RuntimeDefault - the container |
| runtime default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied to |
| all containers. If unspecified, the options from the |
| PodSecurityContext will be used. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec |
| named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. This |
| field is alpha-level and will only be honored |
| by components that enable the WindowsHostProcessContainers |
| feature flag. Setting this field without the feature |
| flag will result in errors when validating the |
| Pod. All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and non-HostProcess |
| containers). In addition, if HostProcess is true |
| then HostNetwork must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the |
| entrypoint of the container process. Defaults |
| to the user specified in image metadata if unspecified. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has successfully |
| initialized. If specified, no other probes are executed |
| until this completes successfully. If this probe fails, |
| the Pod will be restarted, just as if the livenessProbe |
| failed. This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it might |
| take a long time to load data or warm a cache, than during |
| steady-state operation. This cannot be updated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| # NOTE(review): the schema places no constraint on this string. HTTP probes |
| # are issued by the node's kubelet, so a non-default host makes the node |
| # connect to that address. If probe settings from this resource reach real |
| # pods (not visible here - confirm), consider an admission rule that |
| # rejects probes with host set. |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate a buffer |
| for stdin in the container runtime. If this is not set, |
| reads from stdin in the container will always result in |
| EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce is |
| set to true, stdin is opened on container start, is empty |
| until the first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, at |
| which time stdin is closed and remains closed until the |
| container is restarted. If this flag is false, a container |
| process that reads from stdin will never receive an |
| EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written is |
| mounted into the container''s filesystem. Message written |
| is intended to be brief final status, such as an assertion |
| failure message. Will be truncated by the node if greater |
| than 4096 bytes. The total message length across all containers |
| will be limited to 12kb. Defaults to /dev/termination-log. |
| Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last chunk |
| of container log output if the termination message file |
| is empty and the container exited with an error. The log |
| output is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate a TTY |
| for itself, also requires 'stdin' to be true. Default |
| is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a raw |
| block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of the |
| container that the device will be mapped to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's filesystem. |
| Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a Volume |
| within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which the |
| volume should be mounted. Must not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and the |
| other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the |
| container's volume should be mounted. Defaults to |
| "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment variable |
| references $(VAR_NAME) are expanded using the container's |
| environment. Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which might |
| be configured in the container image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| dnsConfig: |
| description: Specifies the DNS parameters of a pod. Parameters |
| specified here will be merged to the generated DNS configuration |
| based on DNSPolicy. |
| properties: |
| nameservers: |
| description: A list of DNS name server IP addresses. This |
| will be appended to the base nameservers generated from |
| DNSPolicy. Duplicated nameservers will be removed. |
| items: |
| type: string |
| type: array |
| options: |
| description: A list of DNS resolver options. This will be |
| merged with the base options generated from DNSPolicy. Duplicated |
| entries will be removed. Resolution options given in Options |
| will override those that appear in the base DNSPolicy. |
| items: |
| description: PodDNSConfigOption defines DNS resolver options |
| of a pod. |
| properties: |
| name: |
| description: Required. |
| type: string |
| value: |
| type: string |
| type: object |
| type: array |
| searches: |
| description: A list of DNS search domains for host-name lookup. |
| This will be appended to the base search paths generated |
| from DNSPolicy. Duplicated search paths will be removed. |
| items: |
| type: string |
| type: array |
| type: object |
| dnsPolicy: |
| description: Set DNS policy for the pod. Defaults to "ClusterFirst". |
| Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', |
| 'Default' or 'None'. DNS parameters given in DNSConfig will |
| be merged with the policy selected with DNSPolicy. To have DNS |
| options set along with hostNetwork, you have to specify DNS |
| policy explicitly to 'ClusterFirstWithHostNet'. |
| type: string |
| enableServiceLinks: |
| description: 'EnableServiceLinks indicates whether information |
| about services should be injected into pod''s environment variables, |
| matching the syntax of Docker links. Optional: Defaults to true.' |
| type: boolean |
| hostAliases: |
| description: HostAliases is an optional list of hosts and IPs |
| that will be injected into the pod's hosts file if specified. |
| This is only valid for non-hostNetwork pods. |
| items: |
| description: HostAlias holds the mapping between IP and hostnames |
| that will be injected as an entry in the pod's hosts file. |
| properties: |
| hostnames: |
| description: Hostnames for the above IP address. |
| items: |
| type: string |
| type: array |
| ip: |
| description: IP address of the host file entry. |
| type: string |
| type: object |
| type: array |
| # NOTE(review): hostIPC, hostNetwork, hostPID and hostUsers below are |
| # accepted as unconstrained booleans. If the controller copies them into |
| # the pods it creates (not visible in this schema - confirm), permission |
| # to create or update this custom resource amounts to permission to |
| # request host-namespace pods. Scope RBAC on this resource accordingly |
| # and enforce Pod Security Admission (or an equivalent admission policy) |
| # on the namespaces where the resulting pods run. |
| hostIPC: |
| description: 'Use the host''s ipc namespace. Optional: Default |
| to false.' |
| type: boolean |
| hostNetwork: |
| description: Host networking requested for this pod. Use the host's |
| network namespace. If this option is set, the ports that will |
| be used must be specified. Default to false. |
| type: boolean |
| hostPID: |
| description: 'Use the host''s pid namespace. Optional: Default |
| to false.' |
| type: boolean |
| # NOTE(review): per the description, hostUsers defaults to true (host user |
| # namespace); setting it to false is the hardening option, and it is only |
| # honored where the UserNamespacesSupport feature is enabled. |
| hostUsers: |
| description: 'Use the host''s user namespace. Optional: Default |
| to true. If set to true or not present, the pod will be run |
| in the host user namespace, useful for when the pod needs a |
| feature only available to the host user namespace, such as loading |
| a kernel module with CAP_SYS_MODULE. When set to false, a new |
| userns is created for the pod. Setting false is useful for mitigating |
| container breakout vulnerabilities even allowing users to run |
| their containers as root without actually having root privileges |
| on the host. This field is alpha-level and is only honored by |
| servers that enable the UserNamespacesSupport feature.' |
| type: boolean |
| hostname: |
| description: Specifies the hostname of the Pod. If not specified, |
| the pod's hostname will be set to a system-defined value. |
| type: string |
| imagePullSecrets: |
| description: 'ImagePullSecrets is an optional list of references |
| to secrets in the same namespace to use for pulling any of the |
| images used by this PodSpec. If specified, these secrets will |
| be passed to individual puller implementations for them to use. |
| More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the same namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| initContainers: |
| description: 'List of initialization containers belonging to the |
| pod. Init containers are executed in order prior to containers |
| being started. If any init container fails, the pod is considered |
| to have failed and is handled according to its restartPolicy. |
| The name for an init container or normal container must be unique |
| among all containers. Init containers may not have Lifecycle |
| actions, Readiness probes, Liveness probes, or Startup probes. |
| The resourceRequirements of an init container are taken into |
| account during scheduling by finding the highest request/limit |
| for each resource type, and then using the max of that value |
| or the sum of the normal containers. Limits are applied to init |
| containers in a similar fashion. Init containers cannot currently |
| be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' |
| items: |
| description: A single application container that you want to |
| run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the reference |
| in the input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string literal |
| "$(VAR_NAME)". Escaped references will never be expanded, |
| regardless of whether the variable exists or not. Cannot |
| be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within a shell. |
| The container image''s ENTRYPOINT is used if this is not |
| provided. Variable references $(VAR_NAME) are expanded |
| using the container''s environment. If a variable cannot |
| be resolved, the reference in the input string will be |
| unchanged. Double $$ are reduced to a single $, which |
| allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of whether |
| the variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in the |
| container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are |
| expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". Escaped |
| references will never be expanded, regardless of |
| whether the variable exists or not. Defaults to |
| "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for |
| volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the |
| pod's namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment variables |
| in the container. The keys defined within a source must |
| be a C_IDENTIFIER. All invalid keys will be reported as |
| an event when the container is starting. When a key exists |
| in multiple sources, the value associated with the last |
| source will take precedence. Values defined by an Env |
| with a duplicate key will take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of a |
| set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend to |
| each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config management |
| to default or override container images in workload controllers |
| like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, IfNotPresent. |
| Defaults to Always if :latest tag is specified, or IfNotPresent |
| otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should take |
| in response to container lifecycle events. Cannot be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, the |
| container is terminated and restarted according to |
| its restart policy. Other management of the container |
| blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There is no validation of this |
| field and lifecycle hooks will fail in runtime |
| when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before a |
| container is terminated due to an API request or management |
| event such as liveness/startup probe failure, preemption, |
| resource contention, etc. The handler is not called |
| if the container crashes or exits. The Pod''s termination |
| grace period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the handler, |
| the container will eventually terminate within the |
| Pod''s termination grace period (unless delayed by |
| finalizers). Other management of the container blocks |
| until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There is no validation of this |
| field and lifecycle hooks will fail in runtime |
| when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. Container |
| will be restarted if the probe fails. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on the |
| default "0.0.0.0" address inside a container will be accessible |
| from the network. Modifying this array with strategic |
| merge patch may corrupt the data. For more information, |
| see https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port in |
| a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, 0 |
| < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external port |
| to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, this |
| must match ContainerPort. Most containers do not |
| need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in a |
| pod must have a unique name. Name for the port that |
| can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if the |
| probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before the probe is initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this resource |
| resize policy applies. Supported values: cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in |
| PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where |
| this field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of |
| compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is omitted |
| for a container, it defaults to Limits if that is |
| explicitly specified, otherwise to an implementation-defined |
| value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields of |
| SecurityContext override the equivalent fields of PodSecurityContext. |
| More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls whether |
| a process can gain more privileges than its parent |
| process. This bool directly controls if the no_new_privs |
| flag will be set on the container process. AllowPrivilegeEscalation |
| is always true when the container: 1) is run as Privileged, |
| or 2) has CAP_SYS_ADMIN. Note that this field cannot be |
| set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this field |
| cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represents the POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represents the POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc mount |
| to use for the containers. The default is DefaultProcMount |
| which uses the container runtime defaults for readonly |
| paths and masked paths. This requires the ProcMountType |
| feature flag to be enabled. Note that this field cannot |
| be set when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as |
| a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not run |
| as UID 0 (root) and fail to start the container if |
| it does. If unset or false, no such validation will |
| be performed. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata |
| if unspecified. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to the |
| container. If unspecified, the container runtime will |
| allocate a random SELinux context for each container. May |
| also be set in PodSecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence. Note |
| that this field cannot be set when spec.os.name is |
| windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this container. |
| If seccomp options are provided at both the pod & |
| container level, the container options override the |
| pod options. Note that this field cannot be set when |
| spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative to |
| the kubelet's configured seccomp profile location. |
| Must only be set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: \n |
| Localhost - a profile defined in a file on the |
| node should be used. RuntimeDefault - the container |
| runtime default profile should be used. Unconfined |
| - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied to |
| all containers. If unspecified, the options from the |
| PodSecurityContext will be used. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set |
| when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec |
| named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. This |
| field is alpha-level and will only be honored |
| by components that enable the WindowsHostProcessContainers |
| feature flag. Setting this field without the feature |
| flag will result in errors when validating the |
| Pod. All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and non-HostProcess |
| containers). In addition, if HostProcess is true |
| then HostNetwork must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the |
| entrypoint of the container process. Defaults |
| to the user specified in image metadata if unspecified. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has successfully |
| initialized. If specified, no other probes are executed |
| until this completes successfully. If this probe fails, |
| the Pod will be restarted, just as if the livenessProbe |
| failed. This can be used to provide different probe parameters |
| at the beginning of a Pod''s lifecycle, when it might |
| take a long time to load data or warm a cache, than during |
| steady-state operation. This cannot be updated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it is |
| not run inside a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, you need |
| to explicitly call out to that shell. Exit status |
| of 0 is treated as live/healthy and non-zero is |
| unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in |
| httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before the probe is initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Defaults to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum |
| value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided |
| by the pod spec. Value must be non-negative integer. |
| The value zero indicates stop immediately via the |
| kill signal (no opportunity to shut down). This is |
| a beta field and requires enabling ProbeTerminationGracePeriod |
| feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is |
| 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate a buffer |
| for stdin in the container runtime. If this is not set, |
| reads from stdin in the container will always result in |
| EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce is |
| set to true, stdin is opened on container start, is empty |
| until the first client attaches to stdin, and then remains |
| open and accepts data until the client disconnects, at |
| which time stdin is closed and remains closed until the |
| container is restarted. If this flag is false, a container |
| process that reads from stdin will never receive an |
| EOF. Default is false. |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written is |
| mounted into the container''s filesystem. Message written |
| is intended to be brief final status, such as an assertion |
| failure message. Will be truncated by the node if greater |
| than 4096 bytes. The total message length across all containers |
| will be limited to 12kb. Defaults to /dev/termination-log. |
| Cannot be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last chunk |
| of container log output if the termination message file |
| is empty and the container exited with an error. The log |
| output is limited to 2048 bytes or 80 lines, whichever |
| is smaller. Defaults to File. Cannot be updated. |
| type: string |
| tty: |
| description: Whether this container should allocate a TTY |
| for itself, also requires 'stdin' to be true. Default |
| is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a raw |
| block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of the |
| container that the device will be mapped to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's filesystem. |
| Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a Volume |
| within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which the |
| volume should be mounted. Must not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and the |
| other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the |
| container's volume should be mounted. Defaults to |
| "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment variable |
| references $(VAR_NAME) are expanded using the container's |
| environment. Defaults to "" (volume's root). SubPathExpr |
| and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which might |
| be configured in the container image. Cannot be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| nodeName: |
| description: NodeName is a request to schedule this pod onto a |
| specific node. If it is non-empty, the scheduler simply schedules |
| this pod onto that node, assuming that it fits resource requirements. |
| type: string |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: 'NodeSelector is a selector which must be true for |
| the pod to fit on a node. Selector which must match a node''s |
| labels for the pod to be scheduled on that node. More info: |
| https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' |
| type: object |
| x-kubernetes-map-type: atomic |
| os: |
| description: "Specifies the OS of the containers in the pod. Some |
| pod and container fields are restricted if this is set. \n If |
| the OS field is set to linux, the following fields must be unset: |
| - securityContext.windowsOptions \n If the OS field is set to |
| windows, the following fields must be unset: - spec.hostPID - spec.hostIPC |
| - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile |
| - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy |
| - spec.securityContext.sysctls - spec.shareProcessNamespace |
| - spec.securityContext.runAsUser - spec.securityContext.runAsGroup |
| - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions |
| - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities |
| - spec.containers[*].securityContext.readOnlyRootFilesystem |
| - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation |
| - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser |
| - spec.containers[*].securityContext.runAsGroup" |
| properties: |
| name: |
| description: 'Name is the name of the operating system. The |
| currently supported values are linux and windows. Additional |
| values may be defined in the future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration |
| Clients should expect to handle additional values and treat |
| unrecognized values in this field as os: null' |
| type: string |
| required: |
| - name |
| type: object |
| overhead: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Overhead represents the resource overhead associated |
| with running a pod for a given RuntimeClass. This field will |
| be autopopulated at admission time by the RuntimeClass admission |
| controller. If the RuntimeClass admission controller is enabled, |
| overhead must not be set in Pod create requests. The RuntimeClass |
| admission controller will reject Pod create requests which have |
| the overhead already set. If RuntimeClass is configured and |
| selected in the PodSpec, Overhead will be set to the value defined |
| in the corresponding RuntimeClass, otherwise it will remain |
| unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' |
| type: object |
| preemptionPolicy: |
| description: PreemptionPolicy is the Policy for preempting pods |
| with lower priority. One of Never, PreemptLowerPriority. Defaults |
| to PreemptLowerPriority if unset. |
| type: string |
| priority: |
| description: The priority value. Various system components use |
| this field to find the priority of the pod. When Priority Admission |
| Controller is enabled, it prevents users from setting this field. |
| The admission controller populates this field from PriorityClassName. |
| The higher the value, the higher the priority. |
| format: int32 |
| type: integer |
| priorityClassName: |
| description: If specified, indicates the pod's priority. "system-node-critical" |
| and "system-cluster-critical" are two special keywords which |
| indicate the highest priorities with the former being the highest |
| priority. Any other name must be defined by creating a PriorityClass |
| object with that name. If not specified, the pod priority will |
| be default or zero if there is no default. |
| type: string |
| readinessGates: |
| description: 'If specified, all readiness gates will be evaluated |
| for pod readiness. A pod is ready when all its containers are |
| ready AND all conditions specified in the readiness gates have |
| status equal to "True". More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' |
| items: |
| description: PodReadinessGate contains the reference to a pod |
| condition |
| properties: |
| conditionType: |
| description: ConditionType refers to a condition in the |
| pod's condition list with matching type. |
| type: string |
| required: |
| - conditionType |
| type: object |
| type: array |
| replicas: |
| format: int32 |
| type: integer |
| resourceClaims: |
| description: "ResourceClaims defines which ResourceClaims must |
| be allocated and reserved before the Pod is allowed to start. |
| The resources will be made available to those containers which |
| consume them by name. \n This is an alpha field and requires |
| enabling the DynamicResourceAllocation feature gate. \n This |
| field is immutable." |
| items: |
| description: PodResourceClaim references exactly one ResourceClaim |
| through a ClaimSource. It adds a name to it that uniquely |
| identifies the ResourceClaim inside the Pod. Containers that |
| need access to the ResourceClaim reference it with this name. |
| properties: |
| name: |
| description: Name uniquely identifies this resource claim |
| inside the pod. This must be a DNS_LABEL. |
| type: string |
| source: |
| description: Source describes where to find the ResourceClaim. |
| properties: |
| resourceClaimName: |
| description: ResourceClaimName is the name of a ResourceClaim |
| object in the same namespace as this pod. |
| type: string |
| resourceClaimTemplateName: |
| description: "ResourceClaimTemplateName is the name |
| of a ResourceClaimTemplate object in the same namespace |
| as this pod. \n The template will be used to create |
| a new ResourceClaim, which will be bound to this pod. |
| When this pod is deleted, the ResourceClaim will also |
| be deleted. The name of the ResourceClaim will be |
| <pod name>-<resource name>, where <resource name> |
| is the PodResourceClaim.Name. Pod validation will |
| reject the pod if the concatenated name is not valid |
| for a ResourceClaim (e.g. too long). \n An existing |
| ResourceClaim with that name that is not owned by |
| the pod will not be used for the pod to avoid using |
| an unrelated resource by mistake. Scheduling and pod |
| startup are then blocked until the unrelated ResourceClaim |
| is removed. \n This field is immutable and no changes |
| will be made to the corresponding ResourceClaim by |
| the control plane after creating the ResourceClaim." |
| type: string |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| restartPolicy: |
| description: 'Restart policy for all containers within the pod. |
| One of Always, OnFailure, Never. In some contexts, only a subset |
| of those values may be permitted. Defaults to Always. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' |
| type: string |
| runtimeClassName: |
| description: 'RuntimeClassName refers to a RuntimeClass object |
| in the node.k8s.io group, which should be used to run this pod. If |
| no RuntimeClass resource matches the named class, the pod will |
| not be run. If unset or empty, the "legacy" RuntimeClass will |
| be used, which is an implicit class with an empty definition |
| that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' |
| type: string |
| schedulerName: |
| description: If specified, the pod will be dispatched by specified |
| scheduler. If not specified, the pod will be dispatched by default |
| scheduler. |
| type: string |
| schedulingGates: |
| description: "SchedulingGates is an opaque list of values that |
| if specified will block scheduling the pod. If schedulingGates |
| is not empty, the pod will stay in the SchedulingGated state |
| and the scheduler will not attempt to schedule the pod. \n SchedulingGates |
| can only be set at pod creation time, and be removed only afterwards. |
| \n This is a beta feature enabled by the PodSchedulingReadiness |
| feature gate." |
| items: |
| description: PodSchedulingGate is associated to a Pod to guard |
| its scheduling. |
| properties: |
| name: |
| description: Name of the scheduling gate. Each scheduling |
| gate must have a unique name field. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| securityContext: |
| description: 'SecurityContext holds pod-level security attributes |
| and common container settings. Optional: Defaults to empty. See |
| type description for default values of each field.' |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies to |
| all containers in a pod. Some volume types allow the Kubelet |
| to change the ownership of that volume to be owned by the |
| pod: \n 1. The owning GID will be the FSGroup 2. The setgid |
| bit is set (new files created in the volume will be owned |
| by FSGroup) 3. The permission bits are OR'd with rw-rw---- |
| \n If unset, the Kubelet will not modify the ownership and |
| permissions of any volume. Note that this field cannot be |
| set when spec.os.name is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior of changing |
| ownership and permission of the volume before being exposed |
| inside Pod. This field will only apply to volume types which |
| support fsGroup based ownership (and permissions). It will |
| have no effect on ephemeral volume types such as: secret, |
| configmaps and emptydir. Valid values are "OnRootMismatch" |
| and "Always". If not specified, "Always" is used. Note that |
| this field cannot be set when spec.os.name is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be set |
| in SecurityContext. If set in both SecurityContext and |
| PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this field |
| cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as a non-root |
| user. If true, the Kubelet will validate the image at runtime |
| to ensure that it does not run as UID 0 (root) and fail |
| to start the container if it does. If unset or false, no |
| such validation will be performed. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata if |
| unspecified. May also be set in SecurityContext. If set |
| in both SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence for that container. |
| Note that this field cannot be set when spec.os.name is |
| windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to all containers. |
| If unspecified, the container runtime will allocate a random |
| SELinux context for each container. May also be set in |
| SecurityContext. If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot be set when |
| spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile defined |
| in a file on the node should be used. The profile must |
| be preconfigured on the node to work. Must be a descending |
| path, relative to the kubelet's configured seccomp profile |
| location. Must only be set if type is "Localhost". |
| type: string |
| type: |
| description: "type indicates which kind of seccomp profile |
| will be applied. Valid options are: \n Localhost - a |
| profile defined in a file on the node should be used. |
| RuntimeDefault - the container runtime default profile |
| should be used. Unconfined - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first process |
| run in each container, in addition to the container's primary |
| GID, the fsGroup (if specified), and group memberships defined |
| in the container image for the uid of the container process. |
| If unspecified, no additional groups are added to any container. |
| Note that group memberships defined in the container image |
| for the uid of the container process are still effective, |
| even if they are not included in this list. Note that this |
| field cannot be set when spec.os.name is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls used |
| for the pod. Pods with unsupported sysctls (by the container |
| runtime) might fail to launch. Note that this field cannot |
| be set when spec.os.name is windows. |
| items: |
| description: Sysctl defines a kernel parameter to be set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied to all |
| containers. If unspecified, the options within a container's |
| SecurityContext will be used. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. Note that this field cannot be set when |
| spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA admission |
| webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec named |
| by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name of the |
| GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container should |
| be run as a 'Host Process' container. This field is |
| alpha-level and will only be honored by components that |
| enable the WindowsHostProcessContainers feature flag. |
| Setting this field without the feature flag will result |
| in errors when validating the Pod. All of a Pod's containers |
| must have the same effective HostProcess value (it is |
| not allowed to have a mix of HostProcess containers |
| and non-HostProcess containers). In addition, if HostProcess |
| is true then HostNetwork must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the entrypoint |
| of the container process. Defaults to the user specified |
| in image metadata if unspecified. May also be set in |
| PodSecurityContext. If set in both SecurityContext and |
| PodSecurityContext, the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| serviceAccountName: |
| description: 'ServiceAccountName is the name of the ServiceAccount |
| to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' |
| type: string |
| setHostnameAsFQDN: |
| description: If true the pod's hostname will be configured as |
| the pod's FQDN, rather than the leaf name (the default). In |
| Linux containers, this means setting the FQDN in the hostname |
| field of the kernel (the nodename field of struct utsname). |
| In Windows containers, this means setting the registry value |
| of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters |
| to FQDN. If a pod does not have an FQDN, this has no effect. Defaults |
| to false. |
| type: boolean |
| shareProcessNamespace: |
| description: 'Share a single process namespace between all of |
| the containers in a pod. When this is set containers will be |
| able to view and signal processes from other containers in the |
| same pod, and the first process in each container will not be |
| assigned PID 1. HostPID and ShareProcessNamespace cannot both |
| be set. Optional: Defaults to false.' |
| type: boolean |
| subdomain: |
| description: If specified, the fully qualified Pod hostname will |
| be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". |
| If not specified, the pod will not have a domainname at all. |
| type: string |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs to terminate |
| gracefully. May be decreased in delete request. Value must be |
| non-negative integer. The value zero indicates stop immediately |
| via the kill signal (no opportunity to shut down). If this value |
| is nil, the default grace period will be used instead. The grace |
| period is the duration in seconds after the processes running |
| in the pod are sent a termination signal and the time when the |
| processes are forcibly halted with a kill signal. Set this value |
| longer than the expected cleanup time for your process. Defaults |
| to 30 seconds. |
| format: int64 |
| type: integer |
| tolerations: |
| description: If specified, the pod's tolerations. |
| items: |
| description: The pod this Toleration is attached to tolerates |
| any taint that matches the triple <key,value,effect> using |
| the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to match. |
| Empty means match all taint effects. When specified, allowed |
| values are NoSchedule, PreferNoSchedule and NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration applies |
| to. Empty means match all taint keys. If the key is empty, |
| operator must be Exists; this combination means to match |
| all values and all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship to |
| the value. Valid operators are Exists and Equal. Defaults |
| to Equal. Exists is equivalent to wildcard for value, |
| so that a pod can tolerate all taints of a particular |
| category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period of |
| time the toleration (which must be of effect NoExecute, |
| otherwise this field is ignored) tolerates the taint. |
| By default, it is not set, which means tolerate the taint |
| forever (do not evict). Zero and negative values will |
| be treated as 0 (evict immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration matches |
| to. If the operator is Exists, the value should be empty, |
| otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: TopologySpreadConstraints describes how a group of |
| pods ought to spread across topology domains. Scheduler will |
| schedule pods in a way which abides by the constraints. All |
| topologySpreadConstraints are ANDed. |
| items: |
| description: TopologySpreadConstraint specifies how to spread |
| matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching pods. |
| Pods that match this label selector are counted to determine |
| the number of pods in their corresponding topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label selector |
| requirements. The requirements are ANDed. |
| items: |
| description: A label selector requirement is a selector |
| that contains values, a key, and an operator that |
| relates the key and values. |
| properties: |
| key: |
| description: key is the label key that the selector |
| applies to. |
| type: string |
| operator: |
| description: operator represents a key's relationship |
| to a set of values. Valid operators are In, |
| NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string values. |
| If the operator is In or NotIn, the values array |
| must be non-empty. If the operator is Exists |
| or DoesNotExist, the values array must be empty. |
| This array is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} pairs. |
| A single {key,value} in the matchLabels map is equivalent |
| to an element of matchExpressions, whose key field |
| is "key", the operator is "In", and the values array |
| contains only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label keys |
| to select the pods over which spreading will be calculated. |
| The keys are used to lookup values from the incoming pod |
| labels, those key-value labels are ANDed with labelSelector |
| to select the group of existing pods over which spreading |
| will be calculated for the incoming pod. The same key |
| is forbidden to exist in both MatchLabelKeys and LabelSelector. |
| MatchLabelKeys cannot be set when LabelSelector isn't |
| set. Keys that don't exist in the incoming pod labels |
| will be ignored. A null or empty list means only match |
| against labelSelector. \n This is a beta field and requires |
| the MatchLabelKeysInPodTopologySpread feature gate to |
| be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which pods |
| may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between the number |
| of matching pods in the target topology and the global |
| minimum. The global minimum is the minimum number of matching |
| pods in an eligible domain or zero if the number of eligible |
| domains is less than MinDomains. For example, in a 3-zone |
| cluster, MaxSkew is set to 1, and pods with the same labelSelector |
| spread as 2/2/1: In this case, the global minimum is 1. |
| | zone1 | zone2 | zone3 | | P P | P P | P | - |
| if MaxSkew is 1, incoming pod can only be scheduled to |
| zone3 to become 2/2/2; scheduling it onto zone1(zone2) |
| would make the ActualSkew(3-1) on zone1(zone2) violate |
| MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled |
| onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies that |
| satisfy it. It''s a required field. Default value is 1 |
| and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number of eligible |
| domains. When the number of eligible domains with matching |
| topology keys is less than minDomains, Pod Topology Spread |
| treats \"global minimum\" as 0, and then the calculation |
| of Skew is performed. And when the number of eligible |
| domains with matching topology keys equals or greater |
| than minDomains, this value has no effect on scheduling. |
| As a result, when the number of eligible domains is less |
| than minDomains, scheduler won't schedule more than maxSkew |
| Pods to those domains. If value is nil, the constraint |
| behaves as if MinDomains is equal to 1. Valid values are |
| integers greater than 0. When value is not nil, WhenUnsatisfiable |
| must be DoNotSchedule. \n For example, in a 3-zone cluster, |
| MaxSkew is set to 2, MinDomains is set to 5 and pods with |
| the same labelSelector spread as 2/2/2: | zone1 | zone2 |
| | zone3 | | P P | P P | P P | The number of domains |
| is less than 5(MinDomains), so \"global minimum\" is treated |
| as 0. In this situation, new pod with the same labelSelector |
| cannot be scheduled, because computed skew will be 3(3 |
| - 0) if new Pod is scheduled to any of the three zones, |
| it will violate MaxSkew. \n This is a beta field and requires |
| the MinDomainsInPodTopologySpread feature gate to be enabled |
| (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we will treat |
| Pod's nodeAffinity/nodeSelector when calculating pod topology |
| spread skew. Options are: - Honor: only nodes matching |
| nodeAffinity/nodeSelector are included in the calculations. |
| - Ignore: nodeAffinity/nodeSelector are ignored. All nodes |
| are included in the calculations. \n If this value is |
| nil, the behavior is equivalent to the Honor policy. This |
| is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we will treat |
| node taints when calculating pod topology spread skew. |
| Options are: - Honor: nodes without taints, along with |
| tainted nodes for which the incoming pod has a toleration, |
| are included. - Ignore: node taints are ignored. All nodes |
| are included. \n If this value is nil, the behavior is |
| equivalent to the Ignore policy. This is a beta-level |
| feature default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. Nodes |
| that have a label with this key and identical values are |
| considered to be in the same topology. We consider each |
| <key, value> as a "bucket", and try to put balanced number |
| of pods into each bucket. We define a domain as a particular |
| instance of a topology. Also, we define an eligible domain |
| as a domain whose nodes meet the requirements of nodeAffinityPolicy |
| and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", |
| each Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is a domain |
| of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to deal with |
| a pod if it doesn''t satisfy the spread constraint. - |
| DoNotSchedule (default) tells the scheduler not to schedule |
| it. - ScheduleAnyway tells the scheduler to schedule the |
| pod in any location, but giving higher precedence to topologies |
| that would help reduce the skew. A constraint is considered |
| "Unsatisfiable" for an incoming pod if and only if every |
| possible node assignment for that pod would violate "MaxSkew" |
| on some topology. For example, in a 3-zone cluster, MaxSkew |
| is set to 1, and pods with the same labelSelector spread |
| as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | |
| If WhenUnsatisfiable is set to DoNotSchedule, incoming |
| pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) |
| as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). |
| In other words, the cluster can still be imbalanced, but |
| scheduler won''t make it *more* imbalanced. It''s a required |
| field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - topologyKey |
| - whenUnsatisfiable |
| x-kubernetes-list-type: map |
| volumes: |
| description: 'List of volumes that can be mounted by containers |
| belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' |
| items: |
| description: Volume represents a named volume in a pod that |
| may be accessed by any container in the pod. |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an AWS Disk |
| resource that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. Examples: |
| "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem from |
| compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the volume |
| that you want to mount. If omitted, the default is |
| to mount by volume name. Examples: For volume /dev/sda1, |
| you specify the partition as "1". Similarly, the volume |
| partition for /dev/sda is "0" (or you can leave the |
| property empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force the readOnly |
| setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data Disk mount |
| on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching mode: |
| None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data disk in |
| the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk in the |
| blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. Must |
| be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: multiple |
| blob disks per storage account; Dedicated: single |
| blob disk per storage account; Managed: azure managed |
| data disk (only in managed availability set). Defaults |
| to Shared.' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File Service |
| mount on the host and bind mount to the pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret that |
| contains Azure Storage Account Name and Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on the host |
| that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors is a collection |
| of Ceph monitors. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the mounted |
| root, rather than the full Ceph tree, default is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults to false |
| (read/write). ReadOnly here will force the ReadOnly |
| setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile is |
| the path to key ring for User, default is /etc/ceph/user.secret |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef is reference |
| to the authentication secret for User, default is |
| empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the rados user |
| name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
# cinder: schema for an OpenStack Cinder volume source; volumeID is required.
# NOTE(review): fsType must be a filesystem the host operating system
# supports (falls back to "ext4" when unset, per its description), and
# readOnly defaults to false (read/write).
| cinder: |
| description: 'cinder represents a cinder volume attached |
| and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
# secretRef names the Secret with the OpenStack connection parameters; only
# the name is carried here.
| secretRef: |
| description: 'secretRef is optional: points to a secret |
| object containing parameters used to connect to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the volume in |
| cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
# configMap: schema for a volume populated from a ConfigMap. No field is
# required at this level; each items[] entry requires key and path.
# NOTE(review): defaultMode and items[].mode are int32 mode bits. The
# descriptions allow octal in YAML but require decimal in JSON, so 0644 has
# to be written as 420 in JSON; a mistyped decimal can yield broader file
# permissions than intended. The schema sets no minimum/maximum, so the
# 0-511 range in the description is not enforced by this CRD itself —
# enforcement, if any, happens outside this schema.
| configMap: |
| description: configMap represents a configMap that should |
| populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode bits used |
| to set permissions on created files by default. Must |
| be an octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within the path |
| are not affected by this setting. This might be in |
| conflict with other options that affect the file mode, |
| like fsGroup, and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value pair |
| in the Data field of the referenced ConfigMap will |
| be projected into the volume as a file whose name |
| is the key and content is the value. If specified, |
| the listed keys will be projected into the specified |
| paths, and unlisted keys will not be present. If a |
| key is specified which is not present in the ConfigMap, |
| the volume setup will error unless it is marked optional. |
| Paths must be relative and may not contain the '..' |
| path or start with '..'. |
| items: |
| description: Maps a string key to a path within a |
| volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits used |
| to set permissions on this file. Must be an |
| octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both octal |
| and decimal values, JSON requires decimal values |
| for mode bits. If not specified, the volume |
| defaultMode will be used. This might be in conflict |
| with other options that affect the file mode, |
| like fsGroup, and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
# path carries no pattern here: the "relative, no '..'" rule is stated in the
# description only.
| path: |
| description: path is the relative path of the |
| file to map the key to. May not be an absolute |
| path. May not contain the path element '..'. |
| May not start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
# csi: schema for ephemeral storage served by an external CSI driver; driver
# is the only required field.
# NOTE(review): the free-form volumeAttributes map is passed to whichever
# driver is named, and nodePublishSecretRef hands that driver a Secret for
# its NodePublishVolume/NodeUnpublishVolume calls. Nothing in this schema
# restricts which driver name may be used — presumably that is left to
# cluster policy; confirm.
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver that |
| handles this volume. Consult with your admin for the |
| correct name as registered in the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", "ntfs". |
| If not provided, the empty value is passed to the |
| associated CSI driver which will determine the default |
| filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference to |
| the secret object containing sensitive information |
| to pass to the CSI driver to complete the CSI NodePublishVolume |
| and NodeUnpublishVolume calls. This field is optional, |
| and may be empty if no secret is required. If the |
| secret object contains more than one secret, all secret |
| references are passed. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only configuration |
| for the volume. Defaults to false (read/write). |
| type: boolean |
# volumeAttributes: any string key/value pair is accepted.
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. Consult |
| your driver's documentation for supported values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API about the |
| pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits used to set permissions |
| on created files by default. Must |
| be an octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within the path |
| are not affected by this setting. This might be in |
| conflict with other options that affect the file mode, |
| like fsGroup, and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API volume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents information |
| to create the file containing the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field of the |
| pod: only annotations, labels, name and namespace |
| are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used to set |
| permissions on this file, must be an octal value |
| between 0000 and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. If not specified, the volume defaultMode |
| will be used. This might be in conflict with |
| other options that affect the file mode, like |
| fsGroup, and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. Must not |
| be absolute or contain the ''..'' path. Must |
| be utf-8 encoded. The first item of the relative |
| path must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, requests.cpu and requests.memory) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for |
| volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
# emptyDir: schema for a scratch directory that lives as long as the pod.
# Neither medium nor sizeLimit is required.
# NOTE(review): the sizeLimit description says the default is nil, meaning
# the limit is undefined. With medium "Memory" the usage is then bounded
# only by the sum of the containers' memory limits, so an explicit sizeLimit
# is the setting that caps how much node storage or memory one pod's
# emptyDir can take.
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of storage |
| medium should back this directory. The default is |
| "" which means to use the node''s default medium. |
| Must be an empty string (default) or Memory. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
# sizeLimit accepts an integer or a quantity string matching the pattern below.
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount of local |
| storage required for this EmptyDir volume. The size |
| limit is also applicable for memory medium. The maximum |
| usage on memory medium EmptyDir would be the minimum |
| value between the SizeLimit specified here and the |
| sum of memory limits of all containers in a pod. The |
| default is nil which means that the limit is undefined. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that is handled |
| by a cluster storage driver. The volume's lifecycle is |
| tied to the pod that defines it - it will be created before |
| the pod starts, and deleted when the pod is removed. \n |
| Use this if: a) the volume is only needed while the pod |
| runs, b) features of normal volumes like restoring from |
| snapshot or capacity tracking are needed, c) the storage |
| driver is specified through a storage class, and d) the |
| storage driver supports dynamic volume provisioning through |
| a PersistentVolumeClaim (see EphemeralVolumeSource for |
| more information on the connection between this volume |
| type and PersistentVolumeClaim). \n Use PersistentVolumeClaim |
| or one of the vendor-specific APIs for volumes that persist |
| for longer than the lifecycle of an individual pod. \n |
| Use CSI for light-weight local ephemeral volumes if the |
| CSI driver is meant to be used that way - see the documentation |
| of the driver for more information. \n A pod can use both |
| types of ephemeral volumes and persistent volumes at the |
| same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone PVC |
| to provision the volume. The pod in which this EphemeralVolumeSource |
| is embedded will be the owner of the PVC, i.e. the |
| PVC will be deleted together with the pod. The name |
| of the PVC will be `<pod name>-<volume name>` where |
| `<volume name>` is the name from the `PodSpec.Volumes` |
| array entry. Pod validation will reject the pod if |
| the concatenated name is not valid for a PVC (for |
| example, too long). \n An existing PVC with that name |
| that is not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume by mistake. |
| Starting the pod is then blocked until the unrelated |
| PVC is removed. If such a pre-created PVC is meant |
| to be used by the pod, the PVC has to be updated with |
| an owner reference to the pod once the pod exists. |
| Normally this should not be necessary, but it may |
| be useful when manually reconstructing a broken cluster. |
| \n This field is read-only and no changes will be |
| made by Kubernetes to the PVC after it has been created. |
| \n Required, must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when creating |
| it. No other fields are allowed and will be rejected |
| during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged into the |
| PVC that gets created from this template. The |
| same fields as in a PersistentVolumeClaim are |
| also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the desired |
| access modes the volume should have. More |
| info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be used to |
| specify either: * An existing VolumeSnapshot |
| object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external controller |
| can support the specified data source, it |
| will create a new volume based on the contents |
| of the specified data source. When the AnyVolumeDataSource |
| feature gate is enabled, dataSource contents |
| will be copied to dataSourceRef, and dataSourceRef |
| contents will be copied to dataSource when |
| dataSourceRef.namespace is not specified. |
| If the namespace is specified, then dataSourceRef |
| will not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the |
| resource being referenced. If APIGroup |
| is not specified, the specified Kind must |
| be in the core API group. For any other |
| third-party types, APIGroup is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
# dataSourceRef: the object a new claim is populated from; kind and name are
# required, apiGroup and namespace are optional.
# NOTE(review): unlike dataSource, this reference may point into another
# namespace. Per the namespace description that needs a ReferenceGrant in
# the referent namespace and the CrossNamespaceVolumeDataSource feature gate
# (alpha); the schema itself accepts any namespace string, so the grant is
# the control that decides whether foreign data can be copied in.
| dataSourceRef: |
| description: 'dataSourceRef specifies the object |
| from which to populate the volume with data, |
| if a non-empty volume is desired. This may |
| be any object from a non-empty API group (non |
| core object) or a PersistentVolumeClaim object. |
| When this field is specified, volume binding |
| will only succeed if the type of the specified |
| object matches some installed volume populator |
| or dynamic provisioner. This field will replace |
| the functionality of the dataSource field |
| and as such if both fields are non-empty, |
| they must have the same value. For backwards |
| compatibility, when namespace isn''t specified |
| in dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to the same |
| value automatically if one of them is empty |
| and the other is non-empty. When namespace |
| is specified in dataSourceRef, dataSource |
| isn''t set to the same value and must be empty. |
| There are three important differences between |
| dataSource and dataSourceRef: * While dataSource |
| only allows two specific types of objects, |
| dataSourceRef allows any non-core object, |
| as well as PersistentVolumeClaim objects. |
| * While dataSource ignores disallowed values |
| (dropping them), dataSourceRef preserves all |
| values, and generates an error if a disallowed |
| value is specified. * While dataSource only |
| allows local objects, dataSourceRef allows |
| objects in any namespaces. (Beta) Using this |
| field requires the AnyVolumeDataSource feature |
| gate to be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the |
| resource being referenced. If APIGroup |
| is not specified, the specified Kind must |
| be in the core API group. For any other |
| third-party types, APIGroup is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced Note that |
| when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent namespace |
| to allow that namespace's owner to accept |
| the reference. See the ReferenceGrant |
| documentation for details. (Alpha) This |
| field requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the minimum |
| resources the volume should have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed to specify |
| resource requirements that are lower than |
| previous value but must still be higher than |
| capacity recorded in the status field of the |
| claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names of |
| resources, defined in spec.resourceClaims, |
| that are used by this container. \n This |
| is an alpha field and requires enabling |
| the DynamicResourceAllocation feature |
| gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name |
| of one entry in pod.spec.resourceClaims |
| of the Pod where this field is used. |
| It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum |
| amount of compute resources allowed. More |
| info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum |
| amount of compute resources required. |
| If Requests is omitted for a container, |
| it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined |
| value. Requests cannot exceed Limits. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query over |
| volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the name of |
| the StorageClass required by the claim. More |
| info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what type of |
| volume is required by the claim. Value of |
| Filesystem is implied when not included in |
| claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding reference |
| to the PersistentVolume backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
# fc: schema for a Fibre Channel volume source. The schema lists no required
# field; the wwids description says either wwids or targetWWNs plus lun must
# be set, but not both — that rule is prose only here.
# NOTE(review): fsType must be supported by the host operating system, and
# the upstream description still carries an open TODO about filesystem errors
# compromising the machine. readOnly defaults to false (read/write).
| fc: |
| description: fc represents a Fibre Channel resource that |
| is attached to a kubelet's host machine and then exposed |
| to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. TODO: how do we prevent |
| errors in the filesystem from compromising the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults to false |
| (read/write). ReadOnly here will force the ReadOnly |
| setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target worldwide |
| names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world wide identifiers |
| (wwids) Either wwids or combination of targetWWNs |
| and lun must be set, but not both simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
# flexVolume: schema for a volume provisioned/attached by an exec-based
# plugin; driver is the only required field.
# NOTE(review): options is a free-form string map described as extra command
# options, and the secretRef description says every secret in the referenced
# object is passed to the plugin scripts. Both are input to plugin code that
# runs outside the pod, so review who may set them. readOnly defaults to
# false (read/write).
| flexVolume: |
| description: flexVolume represents a generic volume resource |
| that is provisioned/attached using an exec based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver to use |
| for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". The default filesystem |
| depends on FlexVolume script. |
| type: string |
# options: any string key/value pair is accepted.
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field holds |
| extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults to false |
| (read/write). ReadOnly here will force the ReadOnly |
| setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef is reference |
| to the secret object containing sensitive information |
| to pass to the plugin scripts. This may be empty if |
| no secret object is specified. If the secret object |
| contains more than one secret, all secrets are passed |
| to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume attached |
| to a kubelet's host machine. This depends on the Flocker |
| control service running |
| properties: |
| datasetName: |
| description: datasetName is Name of the dataset stored |
| as metadata -> name on the dataset for Flocker should |
| be considered as deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the dataset. |
| This is unique identifier of a Flocker dataset |
| type: string |
| type: object |
# gcePersistentDisk: schema for a GCE persistent disk volume source; pdName
# is the only required field.
# NOTE(review): fsType should be supported by the host operating system, and
# the upstream description still carries an open TODO about filesystem errors
# compromising the machine. readOnly defaults to false per its description.
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE Disk resource |
| that is attached to a kubelet''s host machine and then |
| exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. Examples: |
| "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem from |
| compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the volume |
| that you want to mount. If omitted, the default is |
| to mount by volume name. Examples: For volume /dev/sda1, |
| you specify the partition as "1". Similarly, the volume |
| partition for /dev/sda is "0" (or you can leave the |
| property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD resource |
| in GCE. Used to identify the disk in GCE. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
# gitRepo: schema for the deprecated git-repository volume source;
# repository is the only required field.
# NOTE(review): the description marks this source DEPRECATED and names the
# replacement (clone in an init container into an emptyDir). repository and
# revision are unconstrained strings here, and the "no '..'" rule for
# directory is stated in prose only. The restricted Pod Security Standard's
# volume-type allowlist does not include gitRepo; an admission policy that
# rejects this field is the usual way to keep it out of workloads.
| gitRepo: |
| description: 'gitRepo represents a git repository at a particular |
| revision. DEPRECATED: GitRepo is deprecated. To provision |
| a container with a git repo, mount an EmptyDir into an |
| InitContainer that clones the repo using git, then mount |
| the EmptyDir into the Pod''s container.' |
| properties: |
| directory: |
| description: directory is the target directory name. |
| Must not contain or start with '..'. If '.' is supplied, |
| the volume directory will be the git repository. Otherwise, |
| if specified, the volume will contain the git repository |
| in the subdirectory with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for the specified |
| revision. |
| type: string |
| required: |
| - repository |
| type: object |
# glusterfs: schema for a Glusterfs volume source; endpoints and path are
# required.
# NOTE(review): the schema has no credential field, and readOnly defaults to
# false, so the mount is read/write unless a manifest says otherwise.
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount on |
| the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name that details |
| Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. More |
| info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. Defaults |
| to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
# hostPath: schema for exposing a file or directory of the node directly to
# the container; path is the only required field.
# NOTE(review): the description itself says most containers will not need
# this and carries an open TODO about restricting who may use host mounts.
# This schema accepts any path string, has no readOnly field, and the path
# description says symlinks are followed. Whoever may create the enclosing
# resource can therefore ask for node filesystem access — presumably the
# volume is copied into pods created from it; confirm — unless admission
# policy rejects the pod (Pod Security Admission at the baseline or
# restricted level disallows hostPath volumes).
| hostPath: |
| description: 'hostPath represents a pre-existing file or |
| directory on the host machine that is directly exposed |
| to the container. This is generally used for system agents |
| or other privileged things that are allowed to see the |
| host machine. Most containers will NOT need this. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can use host |
| directory mounts and who can/can not mount host directories |
| as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. If |
| the path is a symlink, it will follow the link to |
| the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults to "" |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
# iscsi: schema for an iSCSI volume source; iqn, lun and targetPortal are
# required.
# NOTE(review): chapAuthDiscovery and chapAuthSession are optional booleans
# with no default in this schema, so presumably CHAP is off unless a manifest
# enables it and supplies secretRef — confirm. portals and targetPortal are
# free-form strings, fsType carries the same open upstream TODO about
# filesystem errors compromising the machine, and readOnly defaults to false.
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource that |
| is attached to a kubelet''s host machine and then exposed |
| to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether support |
| iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether support |
| iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. Examples: |
| "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem from |
| compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI Initiator |
| Name. If initiatorName is specified with iscsiInterface |
| simultaneously, new iSCSI interface <target portal>:<volume |
| name> will be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface Name that |
| uses an iSCSI transport. Defaults to 'default' (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal List. |
| The portal is either an IP or ip_addr:port if the |
| port is other than default (typically TCP ports 860 |
| and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly setting |
| in VolumeMounts. Defaults to false. |
| type: boolean |
# secretRef names the Secret holding the CHAP credentials; only the name is
# carried here.
| secretRef: |
| description: secretRef is the CHAP Secret for iSCSI |
| target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. The |
| Portal is either an IP or ip_addr:port if the port |
| is other than default (typically TCP ports 860 and |
| 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| name: |
| description: 'name of the volume. Must be a DNS_LABEL and |
| unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' |
| type: string |
| nfs: |
| description: 'nfs represents an NFS mount on the host that |
| shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS server. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS export |
| to be mounted with read-only permissions. Defaults |
| to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address of |
| the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource represents |
| a reference to a PersistentVolumeClaim in the same namespace. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this volume. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly setting |
| in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelets host |
| machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies Photon Controller |
| persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx volume |
| attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fSType represents the filesystem type to |
| mount Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs". Implicitly inferred |
| to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a Portworx |
| volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources secrets, |
| configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used to set |
| permissions on created files by default. Must be an |
| octal value between 0000 and 0777 or a decimal value |
| between 0 and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode bits. |
| Directories within the path are not affected by this |
| setting. This might be in conflict with other options |
| that affect the file mode, like fsGroup, and the result |
| can be other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected along |
| with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about the configMap |
| data to project |
| properties: |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced |
| ConfigMap will be projected into the volume |
| as a file whose name is the key and content |
| is the value. If specified, the listed keys |
| will be projected into the specified paths, |
| and unlisted keys will not be present. If |
| a key is specified which is not present |
| in the ConfigMap, the volume setup will |
| error unless it is marked optional. Paths |
| must be relative and may not contain the |
| '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path |
| within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode |
| bits used to set permissions on this |
| file. Must be an octal value between |
| 0000 and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal |
| and decimal values, JSON requires |
| decimal values for mode bits. If not |
| specified, the volume defaultMode |
| will be used. This might be in conflict |
| with other options that affect the |
| file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May |
| not be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether the |
| ConfigMap or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about the |
| downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field |
| of the pod: only annotations, labels, |
| name and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used |
| to set permissions on this file, must |
| be an octal value between 0000 and |
| 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, |
| like fsGroup, and the result can be |
| other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the |
| relative path name of the file to |
| be created. Must not be absolute or |
| contain the ''..'' path. Must be utf-8 |
| encoded. The first item of the relative |
| path must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of |
| the container: only resources limits |
| and requests (limits.cpu, limits.memory, |
| requests.cpu and requests.memory) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env |
| vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource |
| to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about the secret |
| data to project |
| properties: |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced |
| Secret will be projected into the volume |
| as a file whose name is the key and content |
| is the value. If specified, the listed keys |
| will be projected into the specified paths, |
| and unlisted keys will not be present. If |
| a key is specified which is not present |
| in the Secret, the volume setup will error |
| unless it is marked optional. Paths must |
| be relative and may not contain the '..' |
| path or start with '..'. |
| items: |
| description: Maps a string key to a path |
| within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode |
| bits used to set permissions on this |
| file. Must be an octal value between |
| 0000 and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal |
| and decimal values, JSON requires |
| decimal values for mode bits. If not |
| specified, the volume defaultMode |
| will be used. This might be in conflict |
| with other options that affect the |
| file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May |
| not be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify whether |
| the Secret or its key must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to project |
| properties: |
| audience: |
| description: audience is the intended audience |
| of the token. A recipient of a token must |
| identify itself with an identifier specified |
| in the audience of the token, and otherwise |
| should reject the token. The audience defaults |
| to the identifier of the apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is the requested |
| duration of validity of the service account |
| token. As the token approaches expiration, |
| the kubelet volume plugin will proactively |
| rotate the service account token. The kubelet |
| will start trying to rotate the token if |
| the token is older than 80 percent of its |
| time to live or if the token is older than |
| 24 hours.Defaults to 1 hour and must be |
| at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative to |
| the mount point of the file to project the |
| token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount on the host |
| that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to Default is |
| no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte volume |
| to be mounted with read-only permissions. Defaults |
| to false. |
| type: boolean |
| registry: |
| description: registry represents a single or multiple |
| Quobyte Registry services specified as a string as |
| host:port pair (multiple entries are separated with |
| commas) which acts as the central registry for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte volume |
| in the Backend Used with dynamically provisioned Quobyte |
| volumes, value is set by the plugin |
| type: string |
| user: |
| description: user to map volume access to Defaults to |
| serivceaccount user |
| type: string |
| volume: |
| description: volume is a string that references an already |
| created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device mount |
| on the host that shares a pod''s lifetime. More info: |
| https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. Examples: |
| "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem from |
| compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. More info: |
| https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring for RBDUser. |
| Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph monitors. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default is |
| rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More info: |
| https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides keyring. |
| Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default is |
| admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of the ScaleIO |
| API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of the ScaleIO |
| Protection Domain for the configured storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret for |
| ScaleIO user and other sensitive information. If this |
| is not provided, Login operation will fail. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable SSL communication |
| with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the storage |
| for a volume should be ThickProvisioned or ThinProvisioned. |
| Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage Pool |
| associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage system |
| as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume already |
| created in the ScaleIO system that is associated with |
| this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should populate |
| this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode bits used |
| to set permissions on created files by default. Must |
| be an octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within the path |
| are not affected by this setting. This might be in |
| conflict with other options that affect the file mode, |
| like fsGroup, and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value pair |
| in the Data field of the referenced Secret will be |
| projected into the volume as a file whose name is |
| the key and content is the value. If specified, the |
| listed keys will be projected into the specified paths, |
| and unlisted keys will not be present. If a key is |
| specified which is not present in the Secret, the |
| volume setup will error unless it is marked optional. |
| Paths must be relative and may not contain the '..' |
| path or start with '..'. |
| items: |
| description: Maps a string key to a path within a |
| volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits used |
| to set permissions on this file. Must be an |
| octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both octal |
| and decimal values, JSON requires decimal values |
| for mode bits. If not specified, the volume |
| defaultMode will be used. This might be in conflict |
| with other options that affect the file mode, |
| like fsGroup, and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path of the |
| file to map the key to. May not be an absolute |
| path. May not contain the path element '..'. |
| May not start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether the Secret |
| or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the secret in |
| the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume attached |
| and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret to use for |
| obtaining the StorageOS API credentials. If not specified, |
| default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable name of |
| the StorageOS volume. Volume names are only unique |
| within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope of |
| the volume within StorageOS. If no namespace is specified |
| then the Pod's namespace will be used. This allows |
| the Kubernetes name scoping to be mirrored within |
| StorageOS for tighter integration. Set VolumeName |
| to any name to override the default behaviour. Set |
| to "default" if you are not using namespaces within |
| StorageOS. Namespaces that do not pre-exist within |
| StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere volume attached |
| and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. Must |
| be a filesystem type supported by the host operating |
| system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage Policy Based |
| Management (SPBM) profile ID associated with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage Policy |
| Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| type: object |
| resources: |
| description: Resources workflow resources that are linked to this |
| workflow definition. For example, a collection of OpenAPI specification |
| files. |
| properties: |
| configMaps: |
| items: |
| description: ConfigMapWorkflowResource ConfigMap local reference |
| holding one or more workflow resources, such as OpenAPI files |
| that will be mounted in the workflow application. |
| properties: |
| configMap: |
| description: ConfigMap the given configMap name in the same |
| workflow context to find the resource |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| workflowPath: |
| description: WorkflowPath path relative to the workflow |
| application root file system within the pod (/<application |
| path>/src/main/resources). Starting trailing slashes will |
| be removed. |
| type: string |
| required: |
| - configMap |
| type: object |
| type: array |
| type: object |
| required: |
| - flow |
| type: object |
| status: |
| description: SonataFlowStatus defines the observed state of SonataFlow |
| properties: |
| address: |
| description: Address is used as a part of Addressable interface (status.address.url) |
| for knative |
| properties: |
| CACerts: |
| description: CACerts is the Certification Authority (CA) certificates |
| in PEM format according to https://www.rfc-editor.org/rfc/rfc7468. |
| type: string |
| name: |
| description: Name is the name of the address. |
| type: string |
| url: |
| type: string |
| type: object |
| conditions: |
| description: The latest available observations of a resource's current |
| state. |
| items: |
| description: Condition describes the common structure for conditions |
| in our types |
| properties: |
| lastUpdateTime: |
| description: The last time this condition was updated. |
| format: date-time |
| type: string |
| message: |
| description: A human-readable message indicating details about |
| the transition. |
| type: string |
| reason: |
| description: The reason for the condition's last transition. |
| type: string |
| status: |
| description: Status of the condition, one of True, False, Unknown. |
| type: string |
| type: |
| description: Type condition for the given object |
| type: string |
| required: |
| - status |
| - type |
| type: object |
| type: array |
| endpoint: |
| description: Endpoint is an externally accessible URL of the workflow |
| type: string |
| lastTimeRecoverAttempt: |
| format: date-time |
| type: string |
| observedGeneration: |
| description: The generation observed by the deployment controller. |
| format: int64 |
| type: integer |
| recoverFailureAttempts: |
| description: keeps track of how many failure recovers a given workflow |
| had so far |
| type: integer |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |
| --- |
# Service account for the operator's controller manager. The RoleBinding and
# ClusterRoleBindings in this manifest name it as their subject, and RBAC
# grants are additive, so its token carries the union of all of them.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sonataflow-operator-controller-manager
  namespace: sonataflow-operator-system
| --- |
# Namespaced Role: its rules apply only inside sonataflow-operator-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sonataflow-operator-leader-election-role
  namespace: sonataflow-operator-system
rules:
# Full read/write on ConfigMaps in the operator namespace.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Full read/write on coordination.k8s.io Leases in the operator namespace.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Events are write-only here: create and patch, no read verbs.
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
| --- |
# ClusterRole bound to the controller-manager service account through
# sonataflow-operator-builder-manager-rolebinding (a ClusterRoleBinding), so
# every rule below applies in all namespaces.
# NOTE(review): this is the broadest grant in the manifest. It gives full
# write access to secrets, pods/exec, serviceaccounts, nodes and namespaces,
# plus roles and rolebindings. Confirm which of these the operator needs
# cluster-wide; per-namespace Roles would limit what a compromised operator
# pod or leaked token can reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-builder-manager-role
rules:
# Core API group ("").
# NOTE(review): deployments is served by the apps group, not the core group,
# so that entry matches nothing in this rule.
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/exec
  - services
  - services/finalizers
  - namespaces
  - serviceaccounts
  - persistentvolumeclaims
  - secrets
  - events
  - deployments
  - nodes
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
# Same resource list repeated for the apps group.
# NOTE(review): of these names only deployments is an apps-group resource;
# the others are core-group resources and match nothing here. Trimming both
# rules to the resources each group actually serves would make the role
# easier to audit - verify against whatever generates this file first.
- apiGroups:
  - apps
  resources:
  - configmaps
  - pods
  - pods/exec
  - services
  - services/finalizers
  - namespaces
  - serviceaccounts
  - persistentvolumeclaims
  - secrets
  - events
  - deployments
  - nodes
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
# Manage Roles and RoleBindings in any namespace. The escalate and bind verbs
# are not granted, so the API server only lets this account hand out
# permissions it already holds - which, given the rules above, is still a lot.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  - rolebindings
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
| --- |
# Cluster-wide read/write on coordination.k8s.io Leases, including
# deletecollection.
# NOTE(review): sonataflow-operator-leader-election-role already grants lease
# access inside sonataflow-operator-system; confirm that leases in other
# namespaces are really needed before keeping this at cluster scope.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-leases
rules:
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
| --- |
# Permissions on the operator's own sonataflow.org resources. For each of the
# three kinds (sonataflowbuilds, sonataflowplatforms, sonataflows) the pattern
# is the same: full CRUD on the resource, update on /finalizers, and
# get/patch/update on /status.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # Emitted as null by the generator; carries no information.
  creationTimestamp: null
  name: sonataflow-operator-manager-role
rules:
# --- sonataflowbuilds ---
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowbuilds
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowbuilds/finalizers
  verbs:
  - update
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowbuilds/status
  verbs:
  - get
  - patch
  - update
# --- sonataflowplatforms ---
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowplatforms
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowplatforms/finalizers
  verbs:
  - update
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflowplatforms/status
  verbs:
  - get
  - patch
  - update
# --- sonataflows ---
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflows
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflows/finalizers
  verbs:
  - update
- apiGroups:
  - sonataflow.org
  resources:
  - sonataflows/status
  verbs:
  - get
  - patch
  - update
| --- |
# Allows GET on the non-resource URL /metrics and nothing else.
# NOTE(review): the binding that hands this role to a subject is not visible
# in this part of the manifest; check who can scrape metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
| --- |
# Cluster-wide permissions on OpenShift-specific API groups: routes, image
# streams and builds, each with full read/write plus the matching
# /finalizers subresources.
# NOTE(review): RBAC matches on the plural resource name, so the singular
# entries (route, route/finalizers) presumably match nothing - confirm and
# drop them if so.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-openshift-manager-role
rules:
# route.openshift.io: routes
- apiGroups:
  - route.openshift.io
  resources:
  - route
  - routes
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - route.openshift.io
  resources:
  - route/finalizers
  - routes/finalizers
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - deletecollection
  - patch
  - watch
# image.openshift.io: image streams and their tags
- apiGroups:
  - image.openshift.io
  resources:
  - imagestreams
  - imagestreamtags
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - image.openshift.io
  resources:
  - imagestreams/finalizers
  - imagestreamtags/finalizers
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - deletecollection
  - patch
  - watch
# build.openshift.io: build configs and builds
- apiGroups:
  - build.openshift.io
  resources:
  - buildconfigs
  - builds
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - build.openshift.io
  resources:
  - buildconfigs/finalizers
  - builds/finalizers
  verbs:
  - get
  - list
  - create
  - update
  - delete
  - deletecollection
  - patch
  - watch
# create on the instantiatebinary subresource only.
- apiGroups:
  - build.openshift.io
  resources:
  - buildconfigs/instantiatebinary
  verbs:
  - create
| --- |
# Allows creating TokenReviews and SubjectAccessReviews, i.e. asking the API
# server to authenticate a bearer token and to answer an authorization query.
# Presumably used by an authenticating proxy in front of the operator - this
# is inferred from the role name only; confirm against the Deployment.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-proxy-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
| --- |
# Read-only role: every rule grants get/list/watch and no write verbs.
# NOTE(review): several rules list a singular name next to the plural
# (statefulset, ingress, service, broker). RBAC matches the plural resource
# name, so the singular entries presumably match nothing - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sonataflow-operator-service-discovery-role
rules:
- apiGroups:
  - apps
  resources:
  - statefulset
  - statefulsets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingress
  - ingresses
  verbs:
  - get
  - list
  - watch
# Knative Serving services (not core v1 Services).
- apiGroups:
  - serving.knative.dev
  resources:
  - service
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - eventing.knative.dev
  resources:
  - broker
  - brokers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps.openshift.io
  resources:
  - deploymentconfigs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - watch
---
# Namespaced RoleBinding: grants the leader-election Role to the operator's
# ServiceAccount inside sonataflow-operator-system only.
# The referenced Role is not defined in this part of the manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sonataflow-operator-leader-election-rolebinding
  namespace: sonataflow-operator-system
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
# roleRef cannot be changed after creation; pointing the binding at another
# Role means deleting and recreating it.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sonataflow-operator-leader-election-role
---
# Cluster-wide binding of the builder-manager ClusterRole to the operator's
# ServiceAccount. Because this is a ClusterRoleBinding, every rule in the
# referenced role applies in all namespaces.
# NOTE(review): the role's rules are defined elsewhere in the manifest; review
# them together with this binding when auditing the operator's reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-builder-manager-rolebinding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-builder-manager-role
---
# Cluster-wide binding of the `sonataflow-operator-leases` ClusterRole to the
# operator's ServiceAccount.
# NOTE(review): the role name suggests Lease objects, which would then be
# accessible in every namespace rather than only the operator's own - the role
# itself is not shown here, so confirm its rules and whether a namespaced
# RoleBinding would be enough.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-leases-binding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-leases
---
# Cluster-wide binding of the operator's main manager ClusterRole to its
# ServiceAccount. Anything that can run a pod as this ServiceAccount, or read
# its token, inherits every rule of the referenced role in all namespaces.
# The role's rules are defined elsewhere in the manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-manager-rolebinding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-manager-role
---
# Cluster-wide binding of the OpenShift-specific manager ClusterRole to the
# operator's ServiceAccount.
# NOTE(review): the referenced role is defined outside this section; on
# clusters without the OpenShift API groups its rules grant nothing usable,
# but the binding is still created.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-openshift-manager-rolebinding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-openshift-manager-role
---
# Binds the proxy ClusterRole (create on tokenreviews and subjectaccessreviews)
# to the operator's ServiceAccount. TokenReview and SubjectAccessReview are
# cluster-scoped APIs, so a ClusterRoleBinding is the form that can grant them.
# Both containers of the operator pod run under this ServiceAccount, so the
# manager container holds these permissions as well as the proxy sidecar.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-proxy-rolebinding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-proxy-role
---
# Binds the read-only service-discovery ClusterRole to the operator's
# ServiceAccount for the whole cluster: get/list/watch on the listed workload
# and routing resources in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sonataflow-operator-service-discovery-rolebinding
subjects:
  - kind: ServiceAccount
    name: sonataflow-operator-controller-manager
    namespace: sonataflow-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sonataflow-operator-service-discovery-role
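---
# Builder defaults for the operator, including the two-stage Dockerfile used to
# build workflow images.
#
# The Dockerfile was a single double-quoted scalar with `\n` escapes; it is
# written as a literal block here so it can be read and diffed line by line.
# The two whitespace-only separator lines of the original are now empty lines
# (a Dockerfile treats both the same); every instruction is unchanged.
#
# NOTE(review): both FROM lines use `:latest`, a mutable tag, and the builder
# image is a nightly build. The contents of every workflow image therefore
# depend on whatever the registries serve at build time. Pin each FROM to a
# release tag or to a digest (`image@sha256:<digest>`) so builds are
# reproducible and the base images can be audited.
apiVersion: v1
kind: ConfigMap
metadata:
  name: sonataflow-operator-builder-config
  namespace: sonataflow-operator-system
data:
  # Appears to name the key in this ConfigMap that holds the build recipe.
  DEFAULT_BUILDER_RESOURCE_NAME: Dockerfile
  # Quoted so the leading dot is never subject to scalar type guessing.
  DEFAULT_WORKFLOW_EXTENSION: '.sw.json'
  # Stage 1 builds the application; stage 2 copies the result into the runtime
  # image and switches to the unprivileged UID 185 before the entry point runs.
  Dockerfile: |
    FROM quay.io/kiegroup/kogito-swf-builder-nightly:latest AS builder

    # variables that can be overridden by the builder
    # To add a Quarkus extension to your application
    ARG QUARKUS_EXTENSIONS
    # Args to pass to the Quarkus CLI add extension command
    ARG QUARKUS_ADD_EXTENSION_ARGS

    # Copy from build context to skeleton resources project
    COPY --chown=1001 . ./resources

    RUN /home/kogito/launch/build-app.sh ./resources

    #=============================
    # Runtime Run
    #=============================
    FROM registry.access.redhat.com/ubi9/openjdk-17:latest

    ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'

    # We make four distinct layers so if there are application changes the library layers can be re-used
    COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/lib/ /deployments/lib/
    COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/*.jar /deployments/
    COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/app/ /deployments/app/
    COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/quarkus/ /deployments/quarkus/

    EXPOSE 8080
    USER 185
    ENV AB_JOLOKIA_OFF=""
    ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
    ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"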
---
# controller-runtime component configuration for the manager process.
# NOTE(review): the Deployment in this manifest passes the same bind addresses
# as command-line flags and shows no volume mounting this ConfigMap, so the
# file may be unused - confirm before relying on edits made here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: sonataflow-operator-manager-config
  namespace: sonataflow-operator-system
data:
  # Metrics bind to loopback only (127.0.0.1:8080); the health probe address
  # `:8081` has no host part and so listens on all interfaces.
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 1be5e57d.kiegroup.org
---
# Service exposing the operator's metrics endpoint on port 8443. No `type` is
# set, so it is a ClusterIP service reachable only from inside the cluster.
# `targetPort: https` resolves to the container port named `https` on the pods
# selected by the control-plane label.
apiVersion: v1
kind: Service
metadata:
  name: sonataflow-operator-controller-manager-metrics-service
  namespace: sonataflow-operator-system
  labels:
    control-plane: controller-manager
spec:
  selector:
    control-plane: controller-manager
  ports:
    - name: https
      protocol: TCP
      port: 8443
      targetPort: https
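---
# Operator Deployment: one pod with two containers sharing the
# sonataflow-operator-controller-manager ServiceAccount.
#   * kube-rbac-proxy - listens on 0.0.0.0:8443 and forwards to the manager's
#     metrics endpoint on 127.0.0.1:8080.
#   * manager         - the operator itself; metrics bind to loopback only, so
#     they are reachable from outside the pod only through the proxy.
#
# Change from the original: the manager container now sets
# `seccompProfile: RuntimeDefault`, matching the kube-rbac-proxy container,
# which already had it. Everything else is unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: sonataflow-operator-controller-manager
  namespace: sonataflow-operator-system
spec:
  # Single replica; the manager is started with --leader-elect.
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      containers:
        - name: kube-rbac-proxy
          # NOTE(review): the tag is pinned but not the digest, and the
          # Kubebuilder project has announced that images under
          # gcr.io/kubebuilder are no longer maintained - verify the image is
          # still pullable and consider a maintained source pinned by digest.
          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
          args:
            - --secure-listen-address=0.0.0.0:8443
            - --upstream=http://127.0.0.1:8080/
            - --logtostderr=true
            - --v=0
          ports:
            - containerPort: 8443
              name: https
              protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
        - name: manager
          # NOTE(review): `nightly` + `:latest` is a mutable reference. A pod
          # restart can pull different operator code that then runs with all
          # the cluster-wide RBAC bound to this ServiceAccount. Pin a release
          # tag or digest (`image@sha256:<digest>`) for anything beyond
          # development clusters.
          image: quay.io/kiegroup/kogito-serverless-operator-nightly:latest
          command:
            - /usr/local/bin/manager
          args:
            - --health-probe-bind-address=:8081
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
            - --v=0
          env:
            # Namespace the pod runs in, injected through the downward API.
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # Added for parity with the kube-rbac-proxy container.
            seccompProfile:
              type: RuntimeDefault
      # runAsNonRoot makes the kubelet refuse to start a container whose image
      # would run as UID 0. No runAsUser is set, so the UID comes from each
      # image.
      securityContext:
        runAsNonRoot: true
      serviceAccountName: sonataflow-operator-controller-manager
      terminationGracePeriodSeconds: 10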