Upgrade go dependencies (#491)
- Golang k8s dependencies -> v0.25.3
- Golang controller runtime dependency -> v0.13.0
- Controller tools (for controller-gen) -> v0.10.0
diff --git a/Makefile b/Makefile
index 76bdb75..03f9705 100644
--- a/Makefile
+++ b/Makefile
@@ -15,9 +15,6 @@
PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
-
GO_VERSION = $(shell go version | sed -r 's/^.*([0-9]+\.[0-9]+\.[0-9]+).*$$/\1/g')
REQUIRED_GO_VERSION = $(shell cat go.mod | grep -E 'go [1-9]\.[0-9]+' | sed -r 's/^go ([0-9]+\.[0-9]+)$$/\1/g')
@@ -43,7 +40,7 @@
ARCH = $(shell go env GOARCH)
KUSTOMIZE_VERSION=v4.5.2
-CONTROLLER_GEN_VERSION=v0.6.0
+CONTROLLER_GEN_VERSION=v0.10.0
GO_LICENSES_VERSION=v1.5.0
GINKGO_VERSION = $(shell cat go.mod | grep 'github.com/onsi/ginkgo' | sed 's/.*\(v.*\)$$/\1/g')
@@ -103,7 +100,7 @@
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects
rm -rf generated-check/api
- $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=solr-operator-role webhook paths="./api/..." paths="./controllers/." output:rbac:artifacts:config=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config)/rbac output:crd:artifacts:config=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config)/crd/bases
+ $(CONTROLLER_GEN) crd rbac:roleName=solr-operator-role webhook paths="./api/..." paths="./controllers/." output:rbac:artifacts:config=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config)/rbac output:crd:artifacts:config=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config)/crd/bases
CONFIG_DIRECTORY=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config) VERSION=$(VERSION) ./hack/config/add_crds_annotations.sh
CONFIG_DIRECTORY=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config) HELM_DIRECTORY=$(or $(TMP_HELM_OUTPUT_DIRECTORY),helm) ./hack/config/copy_crds_roles_helm.sh
CONFIG_DIRECTORY=$(or $(TMP_CONFIG_OUTPUT_DIRECTORY),config) ./hack/config/add_crds_roles_headers.sh
diff --git a/config/crd/bases/solr.apache.org_solrbackups.yaml b/config/crd/bases/solr.apache.org_solrbackups.yaml
index 7ee1c65..2dbabed 100644
--- a/config/crd/bases/solr.apache.org_solrbackups.yaml
+++ b/config/crd/bases/solr.apache.org_solrbackups.yaml
@@ -12,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -20,7 +19,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrbackups.solr.apache.org
spec:
@@ -106,11 +105,11 @@
type: integer
schedule:
description: "Perform a backup on the given schedule, in CRON
- format. \n Multiple CRON syntaxes are supported - Standard
- CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined
- Schedules (e.g. \"@yearly\", \"@weekly\", \"@daily\", etc.)
- \ - Intervals (e.g. \"@every 10h30m\") \n For more information
- please check this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
+ format. \n Multiple CRON syntaxes are supported - Standard CRON
+ (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", \"@daily\", etc.) - Intervals
+ (e.g. \"@every 10h30m\") \n For more information please check
+ this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
required:
- schedule
@@ -262,9 +261,3 @@
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/config/crd/bases/solr.apache.org_solrclouds.yaml b/config/crd/bases/solr.apache.org_solrclouds.yaml
index aa59dec..13f2646 100644
--- a/config/crd/bases/solr.apache.org_solrclouds.yaml
+++ b/config/crd/bases/solr.apache.org_solrclouds.yaml
@@ -12,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -20,7 +19,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrclouds.solr.apache.org
spec:
@@ -131,6 +130,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
required:
- bucket
type: object
@@ -185,6 +185,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
credentialsFileSecret:
description: The name & key of a Kubernetes secret holding
an AWS credentials file
@@ -205,6 +206,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secretAccessKeySecret:
description: The name & key of a Kubernetes secret holding
an AWS Secret Access Key
@@ -225,6 +227,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
sessionTokenSecret:
description: The name & key of a Kubernetes secret holding
an AWS Session Token
@@ -245,6 +248,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
endpoint:
description: The full endpoint URL to use when connecting
@@ -281,123 +285,128 @@
- ReadWriteMany`. Other options are to use a NFS volume.'
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS
+ description: 'awsElasticBlockStore represents an AWS
Disk resource that is attached to a kubelet''s host
machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you
- want to mount. If omitted, the default is to mount
- by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the
- volume partition for /dev/sda is "0" (or you can
- leave the property empty).'
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set the
- ReadOnly property in VolumeMounts to "true". If
- omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk resource
- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data Disk
+ description: azureDisk represents an Azure Data Disk
mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read Only,
- Read Write.'
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the blob
- storage
+ description: diskName is the Name of the data disk
+ in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob storage
+ description: diskURI is the URI of data disk in
+ the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple blob
- disks per storage account Dedicated: single blob
- disk per storage account Managed: azure managed
- data disk (only in managed availability set).
- defaults to shared'
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File Service
+ description: azureFile represents an Azure File Service
mount on the host and bind mount to the pod.
properties:
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains Azure
- Storage Account Name and Key
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on the
+ description: cephFS represents a Ceph FS mount on the
host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted root,
- rather than the full Ceph tree, default is /'
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path to
- key ring for User, default is /etc/ceph/user.secret
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is /etc/ceph/user.secret
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference to
- the authentication secret for User, default is
- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef is
+ reference to the authentication secret for User,
+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info:
@@ -406,32 +415,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user name,
- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume attached
+ description: 'cinder represents a cinder volume attached
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must be
- a filesystem type supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More info:
- https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points to a
+ secret object containing parameters used to connect
+ to OpenStack.'
properties:
name:
description: 'Name of the referent. More info:
@@ -440,33 +451,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the volume
+ description: 'volumeID used to identify the volume
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that should
+ description: configMap represents a configMap that should
populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for
- mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This
- might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file whose
name is the key and content is the value. If specified,
the listed keys will be projected into the specified
@@ -481,26 +493,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
type: string
required:
- key
@@ -513,28 +527,29 @@
uid?'
type: string
optional:
- description: Specify whether the ConfigMap or its
- keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your admin
for the correct name as registered in the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty value
- is passed to the associated CSI driver which will
- determine the default filesystem to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive information
to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
@@ -550,14 +565,15 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
+ description: readOnly specifies a read-only configuration
for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -566,7 +582,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API about
+ description: downwardAPI represents downward API about
the pod that should populate this volume
properties:
defaultMode:
@@ -608,6 +624,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be an
@@ -653,51 +670,52 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which means
- to use the node''s default medium. Must be an
- empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required
- for this EmptyDir volume. The size limit is also
- applicable for memory medium. The maximum usage
- on memory medium EmptyDir would be the minimum
- value between the SizeLimit specified here and
- the sum of memory limits of all containers in
- a pod. The default is nil which means that the
- limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The
+ size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that is
- handled by a cluster storage driver (Alpha feature).
- The volume's lifecycle is tied to the pod that defines
- it - it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if: a)
- the volume is only needed while the pod runs, b) features
- of normal volumes like restoring from snapshot or
- capacity tracking are needed, c) the storage driver
- is specified through a storage class, and d) the storage
- driver supports dynamic volume provisioning through
- \ a PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim). \n
- Use PersistentVolumeClaim or one of the vendor-specific
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features of
+ normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver
+ supports dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on
+ the connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the
lifecycle of an individual pod. \n Use CSI for light-weight
local ephemeral volumes if the CSI driver is meant
@@ -706,10 +724,6 @@
types of ephemeral volumes and persistent volumes
at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -748,26 +762,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired
+ description: 'accessModes contains the desired
access modes the volume should have. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to
- specify either: * An existing VolumeSnapshot
+ description: 'dataSource field can be used
+ to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that implements
- data population (Alpha) In order to use
- custom resource types that implement data
- population, the AnyVolumeDataSource feature
- gate must be enabled. If the provisioner
- or an external controller can support
- the specified data source, it will create
- a new volume based on the contents of
- the specified data source.'
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on the
+ contents of the specified data source.
+ If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have
+ the same contents as the DataSourceRef
+ field.'
properties:
apiGroup:
description: APIGroup is the group for
@@ -789,10 +802,67 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the
+ object from which to populate the volume
+ with data, if a non-empty volume is desired.
+ This may be any local object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if the
+ type of the specified object matches some
+ installed volume populator or dynamic
+ provisioner. This field will replace the
+ functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource
+ and DataSourceRef) will be set to the
+ same value automatically if one of them
+ is empty and the other is non-empty. There
+ are two important differences between
+ DataSource and DataSourceRef: * While
+ DataSource only allows two specific types
+ of objects, DataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef
+ preserves all values, and generates an
+ error if a disallowed value is specified.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum
- resources the volume should have. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to
+ specify resource requirements that are
+ lower than previous value but must still
+ be higher than capacity recorded in the
+ status field of the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -803,7 +873,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -818,12 +888,12 @@
a container, it defaults to Limits
if that is explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query over
+ volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list
@@ -876,9 +946,11 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name
+ of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type
@@ -887,7 +959,7 @@
in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference
+ description: volumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
@@ -896,74 +968,75 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and then
exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must be
- a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. TODO: how
do we prevent errors in the filesystem from compromising
the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide names
- (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide identifiers
- (wwids) Either wwids or combination of targetWWNs
- and lun must be set, but not both simultaneously.'
+ description: 'wwids Optional: FC volume world wide
+ identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an exec
based plugin.
properties:
driver:
- description: Driver is the name of the driver to
+ description: driver is the name of the driver to
use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". The default
- filesystem depends on FlexVolume script.
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options if
- any.'
+ description: 'options is Optional: this field holds
+ extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference to
- the secret object containing sensitive information
- to pass to the plugin scripts. This may be empty
- if no secret object is specified. If the secret
- object contains more than one secret, all secrets
- are passed to the plugin scripts.'
+ description: 'secretRef is Optional: secretRef is
+ reference to the secret object containing sensitive
+ information to pass to the plugin scripts. This
+ may be empty if no secret object is specified.
+ If the secret object contains more than one secret,
+ all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info:
@@ -972,32 +1045,33 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume attached
+ description: flocker represents a Flocker volume attached
to a kubelet's host machine. This depends on the Flocker
control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should be considered
- as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk
+ description: 'gcePersistentDisk represents a GCE Disk
resource that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -1005,21 +1079,22 @@
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you
- want to mount. If omitted, the default is to mount
- by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the
- volume partition for /dev/sda is "0" (or you can
- leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource in
- GCE. Used to identify the disk in GCE. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -1027,7 +1102,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository at
+ description: 'gitRepo represents a git repository at
a particular revision. DEPRECATED: GitRepo is deprecated.
To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo
@@ -1035,37 +1110,38 @@
container.'
properties:
directory:
- description: Target directory name. Must not contain
- or start with '..'. If '.' is supplied, the volume
- directory will be the git repository. Otherwise,
- if specified, the volume will contain the git
- repository in the subdirectory with the given
- name.
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is
+ supplied, the volume directory will be the git
+ repository. Otherwise, if specified, the volume
+ will contain the git repository in the subdirectory
+ with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for the
+ specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint name
- that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -1074,7 +1150,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing file
+ description: 'hostPath represents a pre-existing file
or directory on the host machine that is directly
exposed to the container. This is generally used for
system agents or other privileged things that are
@@ -1085,71 +1161,73 @@
directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the link
to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine and
then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP
- authentication
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously,
- new iSCSI interface <target portal>:<volume name>
- will be created for the connection.
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI
- transport. Defaults to 'default' (tcp).
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port is
- other than default (typically TCP ports 860 and
- 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically TCP
+ ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and initiator
- authentication
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
properties:
name:
description: 'Name of the referent. More info:
@@ -1158,10 +1236,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal is
- either an IP or ip_addr:port if the port is other
- than default (typically TCP ports 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
type: string
required:
- iqn
@@ -1169,20 +1249,20 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the host
+ description: 'nfs represents an NFS mount on the host
that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS server.
+ description: 'path that is exported by the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS export
+ description: 'readOnly here will force the NFS export
to be mounted with read-only permissions. Defaults
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -1190,132 +1270,133 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents
+ description: 'persistentVolumeClaimVolumeSource represents
a reference to a PersistentVolumeClaim in the same
namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting in
- VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host
machine
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx volume
+ description: portworxVolume represents a portworx volume
attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem type
+ description: fSType represents the filesystem type
to mount Must be a filesystem type supported by
the host operating system. Ex. "ext4", "xfs".
Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a Portworx
+ description: volumeID uniquely identifies a Portworx
volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions on
- created files by default. Must be an octal value
- between 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Directories within the path are not affected
- by this setting. This might be in conflict with
- other options that affect the file mode, like
- fsGroup, and the result can be other mode bits
- set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path
+ are not affected by this setting. This might be
+ in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be
+ other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about the
+ configMap data to project
properties:
items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the
- volume as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap,
- the volume setup will error unless it
- is marked optional. Paths must be relative
- and may not contain the '..' path or
- start with '..'.
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits
- used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts
- both octal and decimal values,
- JSON requires decimal values for
- mode bits. If not specified, the
- volume defaultMode will be used.
- This might be in conflict with
- other options that affect the
- file mode, like fsGroup, and the
- result can be other mode bits
- set.'
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
format: int32
type: integer
path:
- description: The relative path of
- the file to map the key to. May
- not be an absolute path. May not
- contain the path element '..'.
- May not start with the string
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
'..'.
type: string
required:
@@ -1330,13 +1411,14 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -1365,6 +1447,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits
used to set permissions on this
@@ -1420,59 +1503,60 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about the
+ secret data to project
properties:
items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret,
- the volume setup will error unless it
- is marked optional. Paths must be relative
- and may not contain the '..' path or
- start with '..'.
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits
- used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts
- both octal and decimal values,
- JSON requires decimal values for
- mode bits. If not specified, the
- volume defaultMode will be used.
- This might be in conflict with
- other options that affect the
- file mode, like fsGroup, and the
- result can be other mode bits
- set.'
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
format: int32
type: integer
path:
- description: The relative path of
- the file to map the key to. May
- not be an absolute path. May not
- contain the path element '..'.
- May not start with the string
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
'..'.
type: string
required:
@@ -1487,16 +1571,17 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify whether
+ the Secret or its key must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient of
a token must identify itself with an
identifier specified in the audience
@@ -1505,7 +1590,7 @@
the identifier of the apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is the
+ description: expirationSeconds is the
requested duration of validity of the
service account token. As the token
approaches expiration, the kubelet volume
@@ -1519,7 +1604,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to project
the token into.
type: string
@@ -1530,36 +1615,36 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount on the
+ description: quobyte represents a Quobyte mount on the
host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or multiple
+ description: registry represents a single or multiple
Quobyte Registry services specified as a string
as host:port pair (multiple entries are separated
with commas) which acts as the central registry
for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte volume
+ description: tenant owning the given Quobyte volume
in the Backend Used with dynamically provisioned
Quobyte volumes, value is set by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -1567,44 +1652,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device mount
+ description: 'rbd represents a Rados Block Device mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring for
+ description: 'keyring is the path to key ring for
RBDUser. Default is /etc/ceph/keyring. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is rbd.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides keyring.
Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -1615,38 +1702,40 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is admin.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Default is
- "xfs".
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO API
- Gateway.
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -1658,27 +1747,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for a
- volume should be ThickProvisioned or ThinProvisioned.
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system as configured
- in ScaleIO.
+ description: system is the name of the storage system
+ as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
type: string
required:
- gateway
@@ -1686,27 +1776,27 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for
- mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This
- might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
the listed keys will be projected into the specified
paths, and unlisted keys will not be present.
If a key is specified which is not present in
@@ -1719,26 +1809,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
type: string
required:
- key
@@ -1746,30 +1838,31 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its keys
- must be defined
+ description: optional field specify whether the
+ Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s namespace
- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret to use
+ description: secretRef specifies the secret to use
for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -1780,13 +1873,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable name
+ description: volumeName is the human-readable name
of the StorageOS volume. Volume names are only
unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will be
used. This allows the Kubernetes name scoping
@@ -1798,26 +1892,27 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere volume
+ description: vsphereVolume represents a vSphere volume
attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management (SPBM)
- profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management (SPBM)
- profile name.
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -2053,6 +2148,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
@@ -2159,10 +2255,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
@@ -2247,11 +2345,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -2353,10 +2517,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -2458,11 +2685,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -2564,10 +2857,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -2605,7 +2961,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -2618,7 +2974,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
envVars:
@@ -2634,14 +2990,15 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in
- the container and any service environment variables.
+ using the previously defined environment variables
+ in the container and any service environment variables.
If a variable cannot be resolved, the reference in
- the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to
- "".'
+ the input string will be unchanged. Double $$ are
+ reduced to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -2666,6 +3023,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -2684,6 +3042,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -2709,6 +3068,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -2730,6 +3090,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -2749,6 +3110,7 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
description: Additional init containers to run in the pod.
@@ -2759,29 +3121,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -2798,14 +3163,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -2830,6 +3197,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -2849,6 +3217,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -2875,6 +3244,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -2897,6 +3267,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -2929,6 +3300,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -2947,10 +3319,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -2975,9 +3348,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -3042,10 +3413,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3070,20 +3442,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -3148,10 +3517,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3177,8 +3547,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3200,6 +3569,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3265,9 +3654,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3284,6 +3672,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3298,13 +3705,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -3352,8 +3759,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3375,6 +3781,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3440,9 +3866,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3459,6 +3884,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3468,7 +3912,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -3478,7 +3922,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -3491,13 +3935,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -3506,12 +3951,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3531,7 +3978,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -3539,11 +3988,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -3551,6 +4002,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3570,7 +4023,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3580,6 +4034,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -3602,7 +4058,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -3630,6 +4087,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -3641,6 +4100,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -3664,8 +4137,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3687,6 +4159,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3752,9 +4244,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3771,6 +4262,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3916,8 +4426,7 @@
the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3979,9 +4488,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -4004,18 +4515,17 @@
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption,
resource contention, etc. The handler is not called
- if the container crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination grace
- period countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
+ if the container crashes or exits. The Pod''s termination
+ grace period countdown begins before the PreStop hook
+ is executed. Regardless of the outcome of the handler,
the container will eventually terminate within the Pod''s
- termination grace period. Other management of the container
- blocks until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ termination grace period (unless delayed by finalizers).
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4077,9 +4587,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -4102,8 +4614,7 @@
description: Liveness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4124,6 +4635,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -4187,9 +4717,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -4206,6 +4735,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -4231,7 +4778,8 @@
in the volume will be owned by FSGroup) 3. The permission
bits are OR'd with rw-rw---- \n If unset, the Kubelet
will not modify the ownership and permissions of any
- volume."
+ volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -4242,14 +4790,16 @@
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
- "Always" is used.'
+ "Always" is used. Note that this field cannot be set
+ when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -4268,7 +4818,8 @@
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -4277,7 +4828,8 @@
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -4298,7 +4850,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -4323,7 +4876,8 @@
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID. If unspecified, no groups will be added
- to any container.
+ to any container. Note that this field cannot be set
+ when spec.os.name is windows.
items:
format: int64
type: integer
@@ -4331,7 +4885,8 @@
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
- the container runtime) might fail to launch.
+ the container runtime) might fail to launch. Note that
+ this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
@@ -4352,7 +4907,8 @@
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence.
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -4364,6 +4920,19 @@
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. This
+ field is alpha-level and will only be honored by
+ components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod.
+ All of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
@@ -4381,8 +4950,7 @@
description: Readiness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4403,6 +4971,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -4466,9 +5053,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -4485,6 +5071,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -4504,7 +5108,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -4517,7 +5121,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
serviceAccountName:
@@ -4531,29 +5135,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -4570,14 +5177,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -4602,6 +5211,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -4621,6 +5231,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -4647,6 +5258,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -4669,6 +5281,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -4701,6 +5314,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -4719,10 +5333,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -4747,9 +5362,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -4814,10 +5427,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -4842,20 +5456,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -4920,10 +5531,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -4949,8 +5561,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -4972,6 +5583,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5037,9 +5668,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5056,6 +5686,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5070,13 +5719,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -5124,8 +5773,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -5147,6 +5795,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5212,9 +5880,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5231,6 +5898,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5240,7 +5926,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -5250,7 +5936,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -5263,13 +5949,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -5278,12 +5965,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -5303,7 +5992,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -5311,11 +6002,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -5323,6 +6016,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -5342,7 +6037,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -5352,6 +6048,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -5374,7 +6072,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -5402,6 +6101,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -5413,6 +6114,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -5436,8 +6151,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -5459,6 +6173,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5524,9 +6258,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5543,6 +6276,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5676,8 +6428,7 @@
description: Startup probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -5698,6 +6449,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -5761,9 +6531,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -5780,6 +6549,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -5893,44 +6680,120 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with
+ labelSelector to select the group of existing pods
+ over which spreading will be calculated for the incoming
+ pod. Keys that don't exist in the incoming pod labels
+ will be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the
number of matching pods in the target topology and
- the global minimum. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
- spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- - if MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be
- scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ the global minimum. The global minimum is the minimum
+ number of matching pods in an eligible domain or zero
+ if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to
+ 1, and pods with the same labelSelector spread as
+ 2/2/1: In this case, the global minimum is 1. | zone1
+ | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3
+ to become 2/2/2; scheduling it onto zone1(zone2) would
+ make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto
+ any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies
that satisfy it. It''s a required field. Default value
is 1 and 0 is not allowed.'
format: int32
type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And
+ when the number of eligible domains with matching
+ topology keys equals or greater than minDomains, this
+ value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to
+ those domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are integers
+ greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone
+ cluster, MaxSkew is set to 2, MinDomains is set to
+ 5 and pods with the same labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains),
+ so \"global minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod
+ is scheduled to any of the three zones, it will violate
+ MaxSkew. \n This is a beta field and requires the
+ MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a alpha-level feature
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will
+ treat node taints when calculating pod topology spread
+ skew. Options are: - Honor: nodes without taints,
+ along with tainted nodes for which the incoming pod
+ has a toleration, are included. - Ignore: node taints
+ are ignored. All nodes are included. \n If this value
+ is nil, the behavior is equivalent to the Ignore policy.
+ This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try
- to put balanced number of pods into each bucket. It's
- a required field.
+ to put balanced number of pods into each bucket. We
+ define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose
+ nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal
with a pod if it doesn''t satisfy the spread constraint.
- DoNotSchedule (default) tells the scheduler not
to schedule it. - ScheduleAnyway tells the scheduler
- to schedule the pod in any location, but giving
- higher precedence to topologies that would help reduce
- the skew. A constraint is considered "Unsatisfiable"
- for an incoming pod if and only if every possible
- node assigment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
+ to schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the
+ skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node
+ assignment for that pod would violate "MaxSkew" on
+ some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
| P | P | If WhenUnsatisfiable is set to DoNotSchedule,
incoming pod can only be scheduled to zone2(zone3)
@@ -6006,76 +6869,76 @@
loaded into the solrCloud Pod
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
+ description: 'awsElasticBlockStore represents an
AWS Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data
+ description: azureDisk represents an Azure Data
Disk mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the
- blob storage
+ description: diskName is the Name of the data
+ disk in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob
- storage
+ description: diskURI is the URI of data disk
+ in the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed:
azure managed data disk (only in managed availability
set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
@@ -6084,55 +6947,58 @@
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File
+ description: azureFile represents an Azure File
Service mount on the host and bind mount to the
pod.
properties:
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on
+ description: cephFS represents a Ceph FS mount on
the host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More
@@ -6141,33 +7007,36 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume
+ description: 'cinder represents a cinder volume
attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More
@@ -6176,33 +7045,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the
+ description: 'volumeID used to identify the
volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that
+ description: configMap represents a configMap that
should populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items if unspecified, each key-value
pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -6218,29 +7088,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -6254,30 +7124,30 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your
admin for the correct name as registered in
the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive
information to pass to the CSI driver to complete
the CSI NodePublishVolume and NodeUnpublishVolume
@@ -6293,14 +7163,16 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -6309,7 +7181,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API
+ description: downwardAPI represents downward API
about the pod that should populate this volume
properties:
defaultMode:
@@ -6352,6 +7224,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used
to set permissions on this file, must
@@ -6402,66 +7275,63 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver (Alpha
- feature). The volume's lifecycle is tied to the
- pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed.
- \n Use this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes like
- restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage driver
- supports dynamic volume provisioning through a
- PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see
- the documentation of the driver for more information.
- \n A pod can use both types of ephemeral volumes
- and persistent volumes at the same time."
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -6502,27 +7372,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the
+ description: 'accessModes contains the
desired access modes the volume should
have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field
+ will always have the same contents
+ as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group
@@ -6545,10 +7413,72 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ local object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the DataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the other
+ is non-empty. There are two important
+ differences between DataSource and
+ DataSourceRef: * While DataSource
+ only allows two specific types of
+ objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores
+ disallowed values (dropping them),
+ DataSourceRef preserves all values,
+ and generates an error if a disallowed
+ value is specified. (Beta) Using this
+ field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the
+ description: 'resources represents the
minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -6559,7 +7489,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the
maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -6575,12 +7505,12 @@
defaults to Limits if that is
explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query
+ over volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is
@@ -6638,10 +7568,11 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what
@@ -6650,7 +7581,7 @@
when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding
+ description: volumeName is the binding
reference to the PersistentVolume
backing this claim.
type: string
@@ -6660,36 +7591,37 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and
then exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun
+ number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
of targetWWNs and lun must be set, but not
both simultaneously.'
items:
@@ -6697,40 +7629,40 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an
exec based plugin.
properties:
driver:
- description: Driver is the name of the driver
+ description: driver is the name of the driver
to use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options
- if any.'
+ description: 'options is Optional: this field
+ holds extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More
@@ -6739,57 +7671,59 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume
+ description: flocker represents a Flocker volume
attached to a kubelet's host machine. This depends
on the Flocker control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
+ description: 'gcePersistentDisk represents a GCE
Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -6797,7 +7731,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository
+ description: 'gitRepo represents a git repository
at a particular revision. DEPRECATED: GitRepo
is deprecated. To provision a container with a
git repo, mount an EmptyDir into an InitContainer
@@ -6805,38 +7739,39 @@
EmptyDir into the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for
+ the specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More
info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -6845,7 +7780,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing
+ description: 'hostPath represents a pre-existing
file or directory on the host machine that is
directly exposed to the container. This is generally
used for system agents or other privileged things
@@ -6856,74 +7791,76 @@
mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the
link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will
+ be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified
+ Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun
+ number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
properties:
name:
description: 'Name of the referent. More
@@ -6932,11 +7869,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -6944,21 +7882,21 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the
+ description: 'nfs represents an NFS mount on the
host that shares a pod''s lifetime More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS
+ description: 'path that is exported by the NFS
server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS
+ description: 'readOnly here will force the NFS
export to be mounted with read-only permissions.
Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -6966,97 +7904,98 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
+ description: 'persistentVolumeClaimVolumeSource
represents a reference to a PersistentVolumeClaim
in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this
volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets
host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx
+ description: portworxVolume represents a portworx
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem
+ description: fSType represents the filesystem
type to mount Must be a filesystem type supported
by the host operating system. Ex. "ext4",
"xfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a
+ description: volumeID uniquely identifies a
Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about
+ the configMap data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
the listed keys will be projected
into the specified paths, and unlisted
keys will not be present. If a key
@@ -7071,11 +8010,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -7092,9 +8032,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -7111,13 +8051,15 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -7147,6 +8089,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode
bits used to set permissions
@@ -7205,24 +8148,25 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about
+ the secret data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
keys will not be present. If a key
is specified which is not present
in the Secret, the volume setup
@@ -7235,11 +8179,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -7256,9 +8201,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -7275,16 +8220,19 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient
of a token must identify itself
with an identifier specified in
@@ -7294,7 +8242,7 @@
apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is
+ description: expirationSeconds is
the requested duration of validity
of the service account token. As
the token approaches expiration,
@@ -7309,7 +8257,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to
project the token into.
type: string
@@ -7320,37 +8268,37 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount
+ description: quobyte represents a Quobyte mount
on the host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or
+ description: registry represents a single or
multiple Quobyte Registry services specified
as a string as host:port pair (multiple entries
are separated with commas) which acts as the
central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte
+ description: tenant owning the given Quobyte
volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set
by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -7358,46 +8306,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device
+ description: 'rbd represents a Rados Block Device
mount on the host that shares a pod''s lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring
+ description: 'keyring is the path to key ring
for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides
keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -7408,39 +8356,41 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO
- API Gateway.
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -7452,27 +8402,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system
- as configured in ScaleIO.
+ description: system is the name of the storage
+ system as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
type: string
required:
- gateway
@@ -7480,25 +8431,25 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items If unspecified, each key-value
pair in the Data field of the referenced Secret
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -7514,29 +8465,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -7544,31 +8495,33 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its
- keys must be defined
+ description: optional field specify whether
+ the Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret
+ description: secretRef specifies the secret
to use for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -7579,13 +8532,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable
+ description: volumeName is the human-readable
name of the StorageOS volume. Volume names
are only unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will
be used. This allows the Kubernetes name
@@ -7598,26 +8552,28 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere
+ description: vsphereVolume represents a vSphere
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -7672,22 +8628,23 @@
the emptydir volume that will store Solr data.
properties:
medium:
- description: 'What type of storage medium should back
- this directory. The default is "" which means to use
- the node''s default medium. Must be an empty string
- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which
+ means to use the node''s default medium. Must be an
+ empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required for
- this EmptyDir volume. The size limit is also applicable
- for memory medium. The maximum usage on memory medium
- EmptyDir would be the minimum value between the SizeLimit
- specified here and the sum of memory limits of all containers
- in a pod. The default is nil which means that the limit
- is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is
+ also applicable for memory medium. The maximum usage
+ on memory medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the sum of
+ memory limits of all containers in a pod. The default
+ is nil which means that the limit is undefined. More
+ info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
@@ -7698,12 +8655,12 @@
otherwise hostPath takes precedence over EmptyDir."
properties:
path:
- description: 'Path of the directory on the host. If the
+ description: 'path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults to ""
+ description: 'type for HostPath Volume Defaults to ""
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
@@ -7762,22 +8719,21 @@
as in a PersistentVolumeClaim are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) * An existing
- custom resource that implements data population
- (Alpha) In order to use custom resource types that
- implement data population, the AnyVolumeDataSource
- feature gate must be enabled. If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source.'
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -7798,9 +8754,59 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -7810,7 +8816,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -7824,12 +8830,12 @@
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -7875,9 +8881,10 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -7885,20 +8892,20 @@
implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to
+ description: volumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
type: object
type: object
reclaimPolicy:
description: 'VolumeReclaimPolicy determines how the Solr
- Cloud''s PVCs will be treated after the cloud is deleted. -
- Retain: This is the default Kubernetes policy, where PVCs
+ Cloud''s PVCs will be treated after the cloud is deleted.
+ - Retain: This is the default Kubernetes policy, where PVCs
created for StatefulSets are not deleted when the StatefulSet
- is deleted. - Delete: The PVCs will be deleted by the
- Solr Operator after the SolrCloud object is deleted. The
- default value is Retain, so no data will be deleted unless
- explicitly configured.'
+ is deleted. - Delete: The PVCs will be deleted by the Solr
+ Operator after the SolrCloud object is deleted. The default
+ value is Retain, so no data will be deleted unless explicitly
+ configured.'
enum:
- Retain
- Delete
@@ -8086,6 +9093,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by an
@@ -8139,6 +9147,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false. This
@@ -8166,6 +9175,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if not
provided, then the keystore and password are used for the truststore
@@ -8187,6 +9197,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake Only
applies for server configuration
@@ -8284,6 +9295,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
probesRequireAuth:
description: Flag to indicate if the configured HTTP endpoint(s)
used for the probes require authentication; defaults to false.
@@ -8331,6 +9343,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by an
@@ -8384,6 +9397,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false. This
@@ -8411,6 +9425,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if not
provided, then the keystore and password are used for the truststore
@@ -8432,6 +9447,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake Only
applies for server configuration
@@ -8483,11 +9499,11 @@
type: string
restartSchedule:
description: "Perform a scheduled restart on the given schedule,
- in CRON format. \n Multiple CRON syntaxes are supported -
- Standard CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined
- Schedules (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals
- (e.g. \"@every 10h30m\") \n For more information please check
- this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
+ in CRON format. \n Multiple CRON syntaxes are supported - Standard
+ CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
+ 10h30m\") \n For more information please check this reference:
+ https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
type: object
zookeeperRef:
@@ -8565,9 +9581,9 @@
provided:
description: 'Create a new Zookeeper Ensemble with the following
spec Note: This option will not allow the SolrCloud to run across
- kube-clusters. Note: Requires - The zookeeperOperator flag
- to be provided to the Solr Operator - A zookeeper operator
- to be running'
+ kube-clusters. Note: Requires - The zookeeperOperator flag to
+ be provided to the Solr Operator - A zookeeper operator to be
+ running'
properties:
acl:
description: ZooKeeper ACL to use when connecting with ZK.
@@ -8701,23 +9717,24 @@
storage required for this EmptyDir volume.
properties:
medium:
- description: 'What type of storage medium should back
- this directory. The default is "" which means to
- use the node''s default medium. Must be an empty
- string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage
+ medium should back this directory. The default is
+ "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required
- for this EmptyDir volume. The size limit is also
- applicable for memory medium. The maximum usage
- on memory medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the sum
- of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The size
+ limit is also applicable for memory medium. The
+ maximum usage on memory medium EmptyDir would be
+ the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the
+ limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
@@ -8764,22 +9781,21 @@
get created.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) * An existing
- custom resource that implements data population
- (Alpha) In order to use custom resource types that
- implement data population, the AnyVolumeDataSource
- feature gate must be enabled. If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source.'
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -8800,9 +9816,59 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -8812,7 +9878,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -8826,12 +9892,12 @@
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -8877,9 +9943,10 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -8887,7 +9954,7 @@
implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to
+ description: volumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
type: object
@@ -9038,6 +10105,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in
@@ -9151,10 +10219,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules
@@ -9245,11 +10315,84 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies
- to (matches against); null or empty
- list means "this pod's namespace"
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
items:
type: string
type: array
@@ -9356,11 +10499,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -9469,11 +10678,84 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies
- to (matches against); null or empty
- list means "this pod's namespace"
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
items:
type: string
type: array
@@ -9580,11 +10862,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -9624,14 +10972,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are
- expanded using the previous defined environment
+ expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved, the
reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -9656,6 +11006,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -9674,6 +11025,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -9700,6 +11052,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the
pod's namespace
@@ -9721,6 +11074,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -9741,6 +11095,7 @@
uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
labels:
additionalProperties:
@@ -9765,7 +11120,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -9778,7 +11133,7 @@
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
@@ -9794,7 +11149,8 @@
created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n
If unset, the Kubelet will not modify the ownership
- and permissions of any volume."
+ and permissions of any volume. Note that this field
+ cannot be set when spec.os.name is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -9805,7 +11161,9 @@
based ownership(and permissions). It will have no
effect on ephemeral volume types such as: secret,
configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.'
+ and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name
+ is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the
@@ -9813,7 +11171,8 @@
May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for
- that container.
+ that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -9832,7 +11191,8 @@
image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -9842,7 +11202,8 @@
container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot
+ be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that
@@ -9863,7 +11224,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set
+ when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -9888,7 +11250,8 @@
description: A list of groups applied to the first
process run in each container, in addition to the
container's primary GID. If unspecified, no groups
- will be added to any container.
+ will be added to any container. Note that this field
+ cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -9897,6 +11260,8 @@
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls
(by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name
+ is windows.
items:
description: Sysctl defines a kernel parameter to
be set
@@ -9918,6 +11283,8 @@
a container's SecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -9929,6 +11296,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored
+ by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the
entrypoint of the container process. Defaults
@@ -10175,9 +11556,3 @@
specReplicasPath: .spec.replicas
statusReplicasPath: .status.readyReplicas
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml b/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
index 18edae0..ce06898 100644
--- a/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
+++ b/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
@@ -12,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -20,7 +19,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrprometheusexporters.solr.apache.org
spec:
@@ -232,6 +231,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
@@ -338,10 +338,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
@@ -426,11 +428,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -532,10 +600,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -637,11 +768,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -743,10 +940,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -784,7 +1044,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -797,7 +1057,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
envVars:
@@ -813,14 +1073,15 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in
- the container and any service environment variables.
+ using the previously defined environment variables
+ in the container and any service environment variables.
If a variable cannot be resolved, the reference in
- the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to
- "".'
+ the input string will be unchanged. Double $$ are
+ reduced to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -845,6 +1106,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -863,6 +1125,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -888,6 +1151,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -909,6 +1173,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -928,6 +1193,7 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
description: Additional init containers to run in the pod.
@@ -938,29 +1204,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -977,14 +1246,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -1009,6 +1280,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -1028,6 +1300,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -1054,6 +1327,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -1076,6 +1350,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -1108,6 +1383,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -1126,10 +1402,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -1154,9 +1431,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -1221,10 +1496,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -1249,20 +1525,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -1327,10 +1600,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -1356,8 +1630,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -1379,6 +1652,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -1444,9 +1737,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -1463,6 +1755,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -1477,13 +1788,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -1531,8 +1842,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -1554,6 +1864,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -1619,9 +1949,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -1638,6 +1967,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -1647,7 +1995,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -1657,7 +2005,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -1670,13 +2018,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -1685,12 +2034,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -1710,7 +2061,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -1718,11 +2071,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -1730,6 +2085,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -1749,7 +2106,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -1759,6 +2117,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -1781,7 +2141,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -1809,6 +2170,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -1820,6 +2183,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -1843,8 +2220,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -1866,6 +2242,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -1931,9 +2327,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -1950,6 +2345,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -2095,8 +2509,7 @@
the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2158,9 +2571,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2183,18 +2598,17 @@
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption,
resource contention, etc. The handler is not called
- if the container crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination grace
- period countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
+ if the container crashes or exits. The Pod''s termination
+ grace period countdown begins before the PreStop hook
+ is executed. Regardless of the outcome of the handler,
the container will eventually terminate within the Pod''s
- termination grace period. Other management of the container
- blocks until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ termination grace period (unless delayed by finalizers).
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2256,9 +2670,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -2281,8 +2697,7 @@
description: Liveness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2303,6 +2718,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2366,9 +2800,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2385,6 +2818,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -2410,7 +2861,8 @@
in the volume will be owned by FSGroup) 3. The permission
bits are OR'd with rw-rw---- \n If unset, the Kubelet
will not modify the ownership and permissions of any
- volume."
+ volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -2421,14 +2873,16 @@
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
- "Always" is used.'
+ "Always" is used. Note that this field cannot be set
+ when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -2447,7 +2901,8 @@
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -2456,7 +2911,8 @@
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -2477,7 +2933,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -2502,7 +2959,8 @@
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID. If unspecified, no groups will be added
- to any container.
+ to any container. Note that this field cannot be set
+ when spec.os.name is windows.
items:
format: int64
type: integer
@@ -2510,7 +2968,8 @@
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
- the container runtime) might fail to launch.
+ the container runtime) might fail to launch. Note that
+ this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
@@ -2531,7 +2990,8 @@
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence.
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -2543,6 +3003,19 @@
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. This
+ field is alpha-level and will only be honored by
+ components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod.
+ All of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
@@ -2560,8 +3033,7 @@
description: Readiness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -2582,6 +3054,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -2645,9 +3136,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -2664,6 +3154,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -2683,7 +3191,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -2696,7 +3204,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
serviceAccountName:
@@ -2710,29 +3218,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -2749,14 +3260,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -2781,6 +3294,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -2800,6 +3314,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -2826,6 +3341,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -2848,6 +3364,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -2880,6 +3397,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -2898,10 +3416,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -2926,9 +3445,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -2993,10 +3510,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3021,20 +3539,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -3099,10 +3614,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3128,8 +3644,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3151,6 +3666,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3216,9 +3751,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3235,6 +3769,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3249,13 +3802,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -3303,8 +3856,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3326,6 +3878,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3391,9 +3963,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3410,6 +3981,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3419,7 +4009,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -3429,7 +4019,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -3442,13 +4032,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -3457,12 +4048,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3482,7 +4075,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -3490,11 +4085,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -3502,6 +4099,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3521,7 +4120,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3531,6 +4131,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -3553,7 +4155,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -3581,6 +4184,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -3592,6 +4197,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -3615,8 +4234,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3638,6 +4256,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3703,9 +4341,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3722,6 +4359,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3855,8 +4511,7 @@
description: Startup probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -3877,6 +4532,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -3940,9 +4614,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -3959,6 +4632,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -4072,44 +4763,120 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with
+ labelSelector to select the group of existing pods
+ over which spreading will be calculated for the incoming
+ pod. Keys that don't exist in the incoming pod labels
+ will be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the
number of matching pods in the target topology and
- the global minimum. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
- spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- - if MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be
- scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ the global minimum. The global minimum is the minimum
+ number of matching pods in an eligible domain or zero
+ if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to
+ 1, and pods with the same labelSelector spread as
+ 2/2/1: In this case, the global minimum is 1. | zone1
+ | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3
+ to become 2/2/2; scheduling it onto zone1(zone2) would
+ make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto
+ any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies
that satisfy it. It''s a required field. Default value
is 1 and 0 is not allowed.'
format: int32
type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And
+ when the number of eligible domains with matching
+ topology keys equals or greater than minDomains, this
+ value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to
+ those domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are integers
+ greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone
+ cluster, MaxSkew is set to 2, MinDomains is set to
+ 5 and pods with the same labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains),
+ so \"global minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod
+ is scheduled to any of the three zones, it will violate
+ MaxSkew. \n This is a beta field and requires the
+ MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a alpha-level feature
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will
+ treat node taints when calculating pod topology spread
+ skew. Options are: - Honor: nodes without taints,
+ along with tainted nodes for which the incoming pod
+ has a toleration, are included. - Ignore: node taints
+ are ignored. All nodes are included. \n If this value
+ is nil, the behavior is equivalent to the Ignore policy.
+ This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try
- to put balanced number of pods into each bucket. It's
- a required field.
+ to put balanced number of pods into each bucket. We
+ define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose
+ nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal
with a pod if it doesn''t satisfy the spread constraint.
- DoNotSchedule (default) tells the scheduler not
to schedule it. - ScheduleAnyway tells the scheduler
- to schedule the pod in any location, but giving
- higher precedence to topologies that would help reduce
- the skew. A constraint is considered "Unsatisfiable"
- for an incoming pod if and only if every possible
- node assigment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
+ to schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the
+ skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node
+ assignment for that pod would violate "MaxSkew" on
+ some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
| P | P | If WhenUnsatisfiable is set to DoNotSchedule,
incoming pod can only be scheduled to zone2(zone3)
@@ -4185,76 +4952,76 @@
loaded into the solrCloud Pod
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
+ description: 'awsElasticBlockStore represents an
AWS Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data
+ description: azureDisk represents an Azure Data
Disk mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the
- blob storage
+ description: diskName is the Name of the data
+ disk in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob
- storage
+ description: diskURI is the URI of data disk
+ in the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed:
azure managed data disk (only in managed availability
set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
@@ -4263,55 +5030,58 @@
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File
+ description: azureFile represents an Azure File
Service mount on the host and bind mount to the
pod.
properties:
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on
+ description: cephFS represents a Ceph FS mount on
the host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More
@@ -4320,33 +5090,36 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume
+ description: 'cinder represents a cinder volume
attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More
@@ -4355,33 +5128,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the
+ description: 'volumeID used to identify the
volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that
+ description: configMap represents a configMap that
should populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items if unspecified, each key-value
pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -4397,29 +5171,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -4433,30 +5207,30 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your
admin for the correct name as registered in
the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive
information to pass to the CSI driver to complete
the CSI NodePublishVolume and NodeUnpublishVolume
@@ -4472,14 +5246,16 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -4488,7 +5264,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API
+ description: downwardAPI represents downward API
about the pod that should populate this volume
properties:
defaultMode:
@@ -4531,6 +5307,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used
to set permissions on this file, must
@@ -4581,66 +5358,63 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver (Alpha
- feature). The volume's lifecycle is tied to the
- pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed.
- \n Use this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes like
- restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage driver
- supports dynamic volume provisioning through a
- PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see
- the documentation of the driver for more information.
- \n A pod can use both types of ephemeral volumes
- and persistent volumes at the same time."
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -4681,27 +5455,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the
+ description: 'accessModes contains the
desired access modes the volume should
have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field
+ will always have the same contents
+ as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group
@@ -4724,10 +5496,72 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ local object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the DataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the other
+ is non-empty. There are two important
+ differences between DataSource and
+ DataSourceRef: * While DataSource
+ only allows two specific types of
+ objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores
+ disallowed values (dropping them),
+ DataSourceRef preserves all values,
+ and generates an error if a disallowed
+ value is specified. (Beta) Using this
+ field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the
+ description: 'resources represents the
minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -4738,7 +5572,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the
maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -4754,12 +5588,12 @@
defaults to Limits if that is
explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query
+ over volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is
@@ -4817,10 +5651,11 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what
@@ -4829,7 +5664,7 @@
when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding
+ description: volumeName is the binding
reference to the PersistentVolume
backing this claim.
type: string
@@ -4839,36 +5674,37 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and
then exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun
+ number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
of targetWWNs and lun must be set, but not
both simultaneously.'
items:
@@ -4876,40 +5712,40 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an
exec based plugin.
properties:
driver:
- description: Driver is the name of the driver
+ description: driver is the name of the driver
to use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options
- if any.'
+ description: 'options is Optional: this field
+ holds extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More
@@ -4918,57 +5754,59 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume
+ description: flocker represents a Flocker volume
attached to a kubelet's host machine. This depends
on the Flocker control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
+ description: 'gcePersistentDisk represents a GCE
Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -4976,7 +5814,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository
+ description: 'gitRepo represents a git repository
at a particular revision. DEPRECATED: GitRepo
is deprecated. To provision a container with a
git repo, mount an EmptyDir into an InitContainer
@@ -4984,38 +5822,39 @@
EmptyDir into the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for
+ the specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More
info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -5024,7 +5863,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing
+ description: 'hostPath represents a pre-existing
file or directory on the host machine that is
directly exposed to the container. This is generally
used for system agents or other privileged things
@@ -5035,74 +5874,76 @@
mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the
link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will
+ be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified
+ Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun
+ number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
properties:
name:
description: 'Name of the referent. More
@@ -5111,11 +5952,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -5123,21 +5965,21 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the
+ description: 'nfs represents an NFS mount on the
host that shares a pod''s lifetime More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS
+ description: 'path that is exported by the NFS
server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS
+ description: 'readOnly here will force the NFS
export to be mounted with read-only permissions.
Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -5145,97 +5987,98 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
+ description: 'persistentVolumeClaimVolumeSource
represents a reference to a PersistentVolumeClaim
in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this
volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets
host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx
+ description: portworxVolume represents a portworx
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem
+ description: fSType represents the filesystem
type to mount Must be a filesystem type supported
by the host operating system. Ex. "ext4",
"xfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a
+ description: volumeID uniquely identifies a
Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about
+ the configMap data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
the listed keys will be projected
into the specified paths, and unlisted
keys will not be present. If a key
@@ -5250,11 +6093,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -5271,9 +6115,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -5290,13 +6134,15 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -5326,6 +6172,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode
bits used to set permissions
@@ -5384,24 +6231,25 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about
+ the secret data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
keys will not be present. If a key
is specified which is not present
in the Secret, the volume setup
@@ -5414,11 +6262,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -5435,9 +6284,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -5454,16 +6303,19 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient
of a token must identify itself
with an identifier specified in
@@ -5473,7 +6325,7 @@
apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is
+ description: expirationSeconds is
the requested duration of validity
of the service account token. As
the token approaches expiration,
@@ -5488,7 +6340,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to
project the token into.
type: string
@@ -5499,37 +6351,37 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount
+ description: quobyte represents a Quobyte mount
on the host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or
+ description: registry represents a single or
multiple Quobyte Registry services specified
as a string as host:port pair (multiple entries
are separated with commas) which acts as the
central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte
+ description: tenant owning the given Quobyte
volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set
by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -5537,46 +6389,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device
+ description: 'rbd represents a Rados Block Device
mount on the host that shares a pod''s lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring
+ description: 'keyring is the path to key ring
for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides
keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -5587,39 +6439,41 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO
- API Gateway.
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -5631,27 +6485,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system
- as configured in ScaleIO.
+ description: system is the name of the storage
+ system as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
type: string
required:
- gateway
@@ -5659,25 +6514,25 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items If unspecified, each key-value
pair in the Data field of the referenced Secret
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -5693,29 +6548,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -5723,31 +6578,33 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its
- keys must be defined
+ description: optional field specify whether
+ the Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret
+ description: secretRef specifies the secret
to use for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -5758,13 +6615,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable
+ description: volumeName is the human-readable
name of the StorageOS volume. Volume names
are only unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will
be used. This allows the Kubernetes name
@@ -5777,26 +6635,28 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere
+ description: vsphereVolume represents a vSphere
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -5852,9 +6712,9 @@
type: integer
restartSchedule:
description: "Perform a scheduled restart on the given schedule, in
- CRON format. \n Multiple CRON syntaxes are supported - Standard
- CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
- (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
+ CRON format. \n Multiple CRON syntaxes are supported - Standard
+ CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
10h30m\") \n For more information please check this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
scrapeInterval:
@@ -5992,6 +6852,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by
@@ -6046,6 +6907,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false.
@@ -6074,6 +6936,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if
not provided, then the keystore and password are used for
@@ -6095,6 +6958,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake
Only applies for server configuration
@@ -6126,9 +6990,3 @@
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index a01adfa..8aa1552 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -12,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
diff --git a/controllers/controller_utils_test.go b/controllers/controller_utils_test.go
index c6c3b60..c76e65d 100644
--- a/controllers/controller_utils_test.go
+++ b/controllers/controller_utils_test.go
@@ -751,7 +751,7 @@
SuccessThreshold: 1,
FailureThreshold: 3,
PeriodSeconds: 10,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Scheme: corev1.URISchemeHTTP,
Path: "/solr/admin/info/system",
@@ -765,7 +765,7 @@
SuccessThreshold: 1,
FailureThreshold: 3,
PeriodSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
TCPSocket: &corev1.TCPSocketAction{
Port: intstr.FromInt(8983),
},
@@ -777,7 +777,7 @@
SuccessThreshold: 1,
FailureThreshold: 5,
PeriodSeconds: 5,
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
Exec: &corev1.ExecAction{
Command: []string{
"ls",
@@ -786,12 +786,12 @@
},
}
testLifecycle = &corev1.Lifecycle{
- PostStart: &corev1.Handler{
+ PostStart: &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"/bin/sh", "-c", "echo Hello from the postStart handler"},
},
},
- PreStop: &corev1.Handler{
+ PreStop: &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"/bin/sh", "-c", "echo Hello from the preStop handler"},
},
@@ -868,7 +868,7 @@
}
testResources = corev1.ResourceRequirements{
Limits: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: *resource.NewMilliQuantity(5300, resource.DecimalSI),
+ corev1.ResourceCPU: resource.MustParse("5300m"),
},
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceEphemeralStorage: resource.MustParse("5Gi"),
@@ -876,7 +876,7 @@
}
testResources2 = corev1.ResourceRequirements{
Limits: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: *resource.NewMilliQuantity(400, resource.DecimalSI),
+ corev1.ResourceCPU: resource.MustParse("400m"),
},
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceEphemeralStorage: resource.MustParse("3Gi"),
diff --git a/controllers/solrcloud_controller_basic_auth_test.go b/controllers/solrcloud_controller_basic_auth_test.go
index 4305b3f..c9facb5 100644
--- a/controllers/solrcloud_controller_basic_auth_test.go
+++ b/controllers/solrcloud_controller_basic_auth_test.go
@@ -85,7 +85,7 @@
FContext("Boostrap Security JSON with Custom Probe Paths", func() {
BeforeEach(func() {
- customHandler := corev1.Handler{
+ customHandler := corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Scheme: corev1.URISchemeHTTP,
Path: "/solr/readyz",
@@ -96,8 +96,8 @@
// verify users can vary the probe path and the secure probe exec command uses them
solrCloud.Spec.CustomSolrKubeOptions = solrv1beta1.CustomSolrKubeOptions{
PodOptions: &solrv1beta1.PodOptions{
- LivenessProbe: &corev1.Probe{Handler: customHandler},
- ReadinessProbe: &corev1.Probe{Handler: customHandler},
+ LivenessProbe: &corev1.Probe{ProbeHandler: customHandler},
+ ReadinessProbe: &corev1.Probe{ProbeHandler: customHandler},
},
}
diff --git a/controllers/solrcloud_controller_tls_test.go b/controllers/solrcloud_controller_tls_test.go
index f07cb11..55af51c 100644
--- a/controllers/solrcloud_controller_tls_test.go
+++ b/controllers/solrcloud_controller_tls_test.go
@@ -125,7 +125,7 @@
}
solrCloud.Spec.CustomSolrKubeOptions.PodOptions = &solrv1beta1.PodOptions{
ReadinessProbe: &corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Scheme: corev1.URISchemeHTTPS,
Path: "/solr/admin/info/health",
diff --git a/controllers/util/common.go b/controllers/util/common.go
index 5fb57f4..d58e0a1 100644
--- a/controllers/util/common.go
+++ b/controllers/util/common.go
@@ -174,8 +174,8 @@
initialProbe.PeriodSeconds = customProbe.PeriodSeconds
}
- if customProbe.Handler.Exec != nil || customProbe.Handler.HTTPGet != nil || customProbe.Handler.TCPSocket != nil {
- initialProbe.Handler = customProbe.Handler
+ if customProbe.ProbeHandler.Exec != nil || customProbe.ProbeHandler.HTTPGet != nil || customProbe.ProbeHandler.TCPSocket != nil {
+ initialProbe.ProbeHandler = customProbe.ProbeHandler
}
return initialProbe
diff --git a/controllers/util/prometheus_exporter_util.go b/controllers/util/prometheus_exporter_util.go
index e35da50..dc77ed6 100644
--- a/controllers/util/prometheus_exporter_util.go
+++ b/controllers/util/prometheus_exporter_util.go
@@ -192,7 +192,7 @@
Env: envVars,
LivenessProbe: &corev1.Probe{
- Handler: corev1.Handler{
+ ProbeHandler: corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Scheme: corev1.URISchemeHTTP,
Path: "/metrics",
diff --git a/controllers/util/solr_util.go b/controllers/util/solr_util.go
index 5bc95c0..690ba9c 100644
--- a/controllers/util/solr_util.go
+++ b/controllers/util/solr_util.go
@@ -80,7 +80,7 @@
}
defaultProbeTimeout := int32(1)
- defaultHandler := corev1.Handler{
+ defaultHandler := corev1.ProbeHandler{
HTTPGet: &corev1.HTTPGetAction{
Scheme: probeScheme,
Path: "/solr" + DefaultProbePath,
@@ -328,9 +328,9 @@
}
// Only have a postStart command to create the chRoot, if it is not '/' (which does not need to be created)
- var postStart *corev1.Handler
+ var postStart *corev1.LifecycleHandler
if hasChroot {
- postStart = &corev1.Handler{
+ postStart = &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"sh", "-c", "solr zk ls ${ZK_CHROOT} -z ${ZK_SERVER} || solr zk mkroot ${ZK_CHROOT} -z ${ZK_SERVER}"},
},
@@ -338,7 +338,7 @@
}
// Default preStop hook
- preStop := &corev1.Handler{
+ preStop := &corev1.LifecycleHandler{
Exec: &corev1.ExecAction{
Command: []string{"solr", "stop", "-p", strconv.Itoa(solrPodPort)},
},
@@ -412,7 +412,7 @@
SuccessThreshold: 1,
FailureThreshold: 3,
PeriodSeconds: 10,
- Handler: defaultHandler,
+ ProbeHandler: defaultHandler,
},
ReadinessProbe: &corev1.Probe{
InitialDelaySeconds: 15,
@@ -420,7 +420,7 @@
SuccessThreshold: 1,
FailureThreshold: 3,
PeriodSeconds: 5,
- Handler: defaultHandler,
+ ProbeHandler: defaultHandler,
},
VolumeMounts: volumeMounts,
Env: envVars,
diff --git a/dependency_licenses.csv b/dependency_licenses.csv
index d0267a8..c5d540f 100644
--- a/dependency_licenses.csv
+++ b/dependency_licenses.csv
@@ -1,62 +1,75 @@
-cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/v0.54.0/LICENSE,Apache-2.0
-github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.1/autorest/LICENSE,Apache-2.0
-github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.5/autorest/adal/LICENSE,Apache-2.0
+cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/v0.97.0/LICENSE,Apache-2.0
+github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.27/autorest/LICENSE,Apache-2.0
+github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.20/autorest/adal/LICENSE,Apache-2.0
github.com/Azure/go-autorest/autorest/date,https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE,Apache-2.0
-github.com/Azure/go-autorest/logger,https://github.com/Azure/go-autorest/blob/logger/v0.2.0/logger/LICENSE,Apache-2.0
+github.com/Azure/go-autorest/logger,https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE,Apache-2.0
github.com/Azure/go-autorest/tracing,https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE,Apache-2.0
+github.com/PuerkitoBio/purell,https://github.com/PuerkitoBio/purell/blob/v1.1.1/LICENSE,BSD-3-Clause
+github.com/PuerkitoBio/urlesc,https://github.com/PuerkitoBio/urlesc/blob/de5bf2ad4578/LICENSE,BSD-3-Clause
github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT
-github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.1.1/LICENSE.txt,MIT
+github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.1.2/LICENSE.txt,MIT
github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/v1.1.1/LICENSE,ISC
-github.com/docker/spdystream,https://github.com/docker/spdystream/blob/449fdfce4d96/LICENSE,Apache-2.0
-github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v4.9.0/LICENSE,BSD-3-Clause
-github.com/form3tech-oss/jwt-go,https://github.com/form3tech-oss/jwt-go/blob/v3.2.2/LICENSE,MIT
-github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.4.9/LICENSE,BSD-3-Clause
-github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v0.3.0/LICENSE,Apache-2.0
-github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v0.2.0/LICENSE,Apache-2.0
+github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.8.0/LICENSE,MIT
+github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.6.0/v5/LICENSE,BSD-3-Clause
+github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.5.4/LICENSE,BSD-3-Clause
+github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.2.3/LICENSE,Apache-2.0
+github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.2.3/LICENSE,Apache-2.0
+github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.19.5/LICENSE,Apache-2.0
+github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.19.5/LICENSE,Apache-2.0
+github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.19.14/LICENSE,Apache-2.0
github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause
-github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/8c9f03a8e57e/LICENSE,Apache-2.0
+github.com/golang-jwt/jwt/v4,https://github.com/golang-jwt/jwt/blob/v4.2.0/LICENSE,MIT
+github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0
github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.2/LICENSE,BSD-3-Clause
-github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.5.5/LICENSE,BSD-3-Clause
+github.com/google/gnostic,https://github.com/google/gnostic/blob/v0.5.7-v3refs/LICENSE,Apache-2.0
+github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.5.8/LICENSE,BSD-3-Clause
github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.1.0/LICENSE,Apache-2.0
github.com/google/uuid,https://github.com/google/uuid/blob/v1.1.2/LICENSE,BSD-3-Clause
-github.com/googleapis/gnostic,https://github.com/googleapis/gnostic/blob/v0.5.1/LICENSE,Apache-2.0
-github.com/hashicorp/golang-lru,https://github.com/hashicorp/golang-lru/blob/v0.5.4/LICENSE,MPL-2.0
-github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.10/LICENSE,BSD-3-Clause
-github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.10/LICENSE,MIT
+github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.12/LICENSE,BSD-3-Clause
+github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT
+github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT
+github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.6/LICENSE,MIT
github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/c182affec369/LICENSE,Apache-2.0
+github.com/moby/spdystream,https://github.com/moby/spdystream/blob/v0.2.0/LICENSE,Apache-2.0
github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0
-github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.1/LICENSE,Apache-2.0
+github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0
+github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause
github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause
-github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.7.1/LICENSE,Apache-2.0
+github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.12.2/LICENSE,Apache-2.0
github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.2.0/LICENSE,Apache-2.0
-github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.10.0/LICENSE,Apache-2.0
-github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.10.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause
-github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.2.0/LICENSE,Apache-2.0
+github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.32.1/LICENSE,Apache-2.0
+github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.32.1/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause
+github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.7.3/LICENSE,Apache-2.0
github.com/robfig/cron/v3,https://github.com/robfig/cron/blob/v3.0.1/LICENSE,MIT
github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause
-go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.6.0/LICENSE.txt,MIT
-go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.5.0/LICENSE.txt,MIT
-go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.15.0/LICENSE.txt,MIT
-golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/8b5274cf:LICENSE,BSD-3-Clause
-golang.org/x/net,https://cs.opensource.google/go/x/net/+/89ef3d95:LICENSE,BSD-3-Clause
-golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/bf48bf16:LICENSE,BSD-3-Clause
-golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/04245dca:LICENSE,BSD-3-Clause
-golang.org/x/term,https://cs.opensource.google/go/x/term/+/7de9c90e:LICENSE,BSD-3-Clause
+go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.7.0/LICENSE.txt,MIT
+go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT
+go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.21.0/LICENSE.txt,MIT
+golang.org/x/crypto/pkcs12,https://cs.opensource.google/go/x/crypto/+/3147a52a:LICENSE,BSD-3-Clause
+golang.org/x/net,https://cs.opensource.google/go/x/net/+/a158d28d:LICENSE,BSD-3-Clause
+golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/d3ed0bb2:LICENSE,BSD-3-Clause
+golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/8c9f86f7:LICENSE,BSD-3-Clause
+golang.org/x/term,https://cs.opensource.google/go/x/term/+/03fcf44c:LICENSE,BSD-3-Clause
golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.3.7:LICENSE,BSD-3-Clause
-golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/3af7569d:LICENSE,BSD-3-Clause
-gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.1.0/v2/LICENSE,Apache-2.0
-google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.26.0/LICENSE,BSD-3-Clause
+golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/579cf78f:LICENSE,BSD-3-Clause
+gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0
+google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.28.0/LICENSE,BSD-3-Clause
gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause
gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
-gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/eeeca48fe776/LICENSE,MIT
-k8s.io/api,https://github.com/kubernetes/api/blob/v0.20.2/LICENSE,Apache-2.0
-k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.20.1/LICENSE,Apache-2.0
-k8s.io/apimachinery,https://github.com/kubernetes/apimachinery/blob/v0.20.2/LICENSE,Apache-2.0
-k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.20.2/LICENSE,Apache-2.0
-k8s.io/component-base/config,https://github.com/kubernetes/component-base/blob/v0.20.2/LICENSE,Apache-2.0
-k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.4.0/LICENSE,Apache-2.0
-k8s.io/kube-openapi/pkg/util/proto,https://github.com/kubernetes/kube-openapi/blob/d219536bb9fd/LICENSE,Apache-2.0
-k8s.io/utils,https://github.com/kubernetes/utils/blob/fddb29f9d009/LICENSE,Apache-2.0
-sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.8.3/LICENSE,Apache-2.0
-sigs.k8s.io/structured-merge-diff/v4/value,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.0.2/LICENSE,Apache-2.0
-sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.2.0/LICENSE,MIT
+gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
+k8s.io/api,https://github.com/kubernetes/api/blob/v0.25.3/LICENSE,Apache-2.0
+k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.25.0/LICENSE,Apache-2.0
+k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.25.3/LICENSE,Apache-2.0
+k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.25.3/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.25.3/LICENSE,Apache-2.0
+k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.25.3/third_party/forked/golang/LICENSE,BSD-3-Clause
+k8s.io/component-base/config,https://github.com/kubernetes/component-base/blob/v0.25.0/LICENSE,Apache-2.0
+k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.70.1/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/67bda5d908f1/LICENSE,Apache-2.0
+k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/67bda5d908f1/pkg/validation/spec/LICENSE,Apache-2.0
+k8s.io/utils,https://github.com/kubernetes/utils/blob/ee6ede2d64ed/LICENSE,Apache-2.0
+k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/ee6ede2d64ed/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
+sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.13.0/LICENSE,Apache-2.0
+sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/f223a00ba0e2/LICENSE,Apache-2.0
+sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.2.3/LICENSE,Apache-2.0
+sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.3.0/LICENSE,MIT
diff --git a/go.mod b/go.mod
index 12eb8b0..250c0e1 100644
--- a/go.mod
+++ b/go.mod
@@ -3,83 +3,85 @@
go 1.19
require (
- github.com/fsnotify/fsnotify v1.4.9
- github.com/go-logr/logr v0.3.0
- github.com/onsi/ginkgo v1.16.4
- github.com/onsi/gomega v1.16.0
+ github.com/fsnotify/fsnotify v1.5.4
+ github.com/go-logr/logr v1.2.3
+ github.com/onsi/ginkgo v1.16.5
+ github.com/onsi/gomega v1.20.1
github.com/robfig/cron/v3 v3.0.1
- github.com/stretchr/testify v1.6.1
- golang.org/x/net v0.0.0-20210428140749-89ef3d95e781
- k8s.io/api v0.20.2
- k8s.io/apimachinery v0.20.2
- k8s.io/client-go v0.20.2
- k8s.io/utils v0.0.0-20210111153108-fddb29f9d009
- sigs.k8s.io/controller-runtime v0.8.3
+ github.com/stretchr/testify v1.8.0
+ golang.org/x/net v0.0.0-20220722155237-a158d28d115b
+ k8s.io/api v0.25.3
+ k8s.io/apimachinery v0.25.3
+ k8s.io/client-go v0.25.3
+ k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
+ sigs.k8s.io/controller-runtime v0.13.0
)
require (
- cloud.google.com/go v0.54.0 // indirect
+ cloud.google.com/go v0.97.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
- github.com/Azure/go-autorest/autorest v0.11.1 // indirect
- github.com/Azure/go-autorest/autorest/adal v0.9.5 // indirect
+ github.com/Azure/go-autorest/autorest v0.11.27 // indirect
+ github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
- github.com/Azure/go-autorest/logger v0.2.0 // indirect
+ github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+ github.com/PuerkitoBio/purell v1.1.1 // indirect
+ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.1.1 // indirect
+ github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 // indirect
- github.com/evanphx/json-patch v4.9.0+incompatible // indirect
- github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
- github.com/go-logr/zapr v0.2.0 // indirect
- github.com/gogo/protobuf v1.3.1 // indirect
- github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+ github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+ github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+ github.com/go-logr/zapr v1.2.3 // indirect
+ github.com/go-openapi/jsonpointer v0.19.5 // indirect
+ github.com/go-openapi/jsonreference v0.19.5 // indirect
+ github.com/go-openapi/swag v0.19.14 // indirect
+ github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
- github.com/google/go-cmp v0.5.5 // indirect
+ github.com/google/gnostic v0.5.7-v3refs // indirect
+ github.com/google/go-cmp v0.5.8 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
- github.com/googleapis/gnostic v0.5.1 // indirect
- github.com/hashicorp/golang-lru v0.5.4 // indirect
- github.com/imdario/mergo v0.3.10 // indirect
- github.com/json-iterator/go v1.1.10 // indirect
+ github.com/imdario/mergo v0.3.12 // indirect
+ github.com/josharian/intern v1.0.0 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/mailru/easyjson v0.7.6 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+ github.com/moby/spdystream v0.2.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
- github.com/modern-go/reflect2 v1.0.1 // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/prometheus/client_golang v1.7.1 // indirect
+ github.com/prometheus/client_golang v1.12.2 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
- github.com/prometheus/common v0.10.0 // indirect
- github.com/prometheus/procfs v0.2.0 // indirect
+ github.com/prometheus/common v0.32.1 // indirect
+ github.com/prometheus/procfs v0.7.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- go.uber.org/atomic v1.6.0 // indirect
- go.uber.org/multierr v1.5.0 // indirect
- go.uber.org/zap v1.15.0 // indirect
- golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 // indirect
- golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
- golang.org/x/sys v0.0.0-20210423082822-04245dca01da // indirect
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
- golang.org/x/text v0.3.6 // indirect
- golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
- gomodules.xyz/jsonpatch/v2 v2.1.0 // indirect
- google.golang.org/appengine v1.6.6 // indirect
- google.golang.org/protobuf v1.26.0 // indirect
+ go.uber.org/atomic v1.7.0 // indirect
+ go.uber.org/multierr v1.6.0 // indirect
+ go.uber.org/zap v1.21.0 // indirect
+ golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
+ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+ golang.org/x/text v0.3.7 // indirect
+ golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
- gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
- k8s.io/apiextensions-apiserver v0.20.1 // indirect
- k8s.io/component-base v0.20.2 // indirect
- k8s.io/klog/v2 v2.4.0 // indirect
- k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
- sigs.k8s.io/yaml v1.2.0 // indirect
-)
-
-// These are to fix security vulnerabilities. Remove whenever these are the default versions used
-replace (
- github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
- golang.org/x/crypto => golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f
- golang.org/x/text => golang.org/x/text v0.3.7
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+ k8s.io/apiextensions-apiserver v0.25.0 // indirect
+ k8s.io/component-base v0.25.0 // indirect
+ k8s.io/klog/v2 v2.70.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
+ sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+ sigs.k8s.io/yaml v1.3.0 // indirect
)
diff --git a/go.sum b/go.sum
index 0b0b5ea..844a94b 100644
--- a/go.sum
+++ b/go.sum
@@ -8,148 +8,169 @@
cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0 h1:3ithwDMr7/3vpAMXiH+ZQnYbuIsh+OPhUPMFC9enmn0=
cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1 h1:eVvIXUKiTgv++6YnWb42DUA1YL7qDugnKP0HljexdnQ=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
+github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
+github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
+github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
+github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
+github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
+github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
+github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
+github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
+github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.3.0 h1:q4c+kbcR0d5rSurhBR8dIgieOaYpXtsdTYfx22Cu6rs=
-github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/zapr v0.2.0 h1:v6Ji8yBW77pva6NkJKQdHLAJKrIJKRHz0RXwPqCHSR4=
-github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
+github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
+github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
+github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
+github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@@ -159,247 +180,207 @@
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/googleapis/gnostic v0.5.1 h1:A8Yhf6EtqTv9RMsU6MQTyrtV1TjWlR6xU9BsZIwuTCM=
-github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
+github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
+github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
+github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
+github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
-github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
-github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
+github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
+github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc=
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.8.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM=
-go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc=
-golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU=
-golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
+go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
+go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
+go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
+golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -421,8 +402,9 @@
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -430,15 +412,14 @@
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -448,8 +429,8 @@
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -458,30 +439,58 @@
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -490,14 +499,11 @@
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -509,47 +515,76 @@
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U=
+golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -564,20 +599,37 @@
golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.1.0 h1:Phva6wqu+xR//Njw6iorylFFgn/z547tw5Ne3HZPQ+k=
-gomodules.xyz/jsonpatch/v2 v2.1.0/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
+gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
+gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -587,14 +639,33 @@
google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -612,16 +683,71 @@
google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -633,27 +759,25 @@
google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -661,52 +785,42 @@
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.2 h1:y/HR22XDZY3pniu9hIFDLpUCPq2w5eQ6aV/VFQ7uJMw=
-k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8=
-k8s.io/apiextensions-apiserver v0.20.1 h1:ZrXQeslal+6zKM/HjDXLzThlz/vPSxrfK3OqL8txgVQ=
-k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.2 h1:hFx6Sbt1oG0n6DZ+g4bFt5f6BoMkOjKWsQFu077M3Vg=
-k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.2 h1:uuf+iIAbfnCSw8IGAv/Rg0giM+2bOzHLOsbbrwrdhNQ=
-k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE=
-k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.2 h1:LMmu5I0pLtwjpp5009KLuMGFqSc2S2isGw8t1hpYKLE=
-k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
+k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
+k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
+k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
+k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
+k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
+k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
+k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
+k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
+k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd h1:sOHNzJIkytDF6qadMNKhhDRpc6ODik8lVC6nOur7B2c=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210111153108-fddb29f9d009 h1:0T5IaWHO3sJTEmCP6mUlBvMukxPKUQWqiI/YuiBNMiQ=
-k8s.io/utils v0.0.0-20210111153108-fddb29f9d009/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
+k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
+k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
+k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
+k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/controller-runtime v0.8.3 h1:GMHvzjTmaWHQB8HadW+dIvBoJuLvZObYJ5YoZruPRao=
-sigs.k8s.io/controller-runtime v0.8.3/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+sigs.k8s.io/controller-runtime v0.13.0 h1:iqa5RNciy7ADWnIc8QxCbOX5FEKVR3uxVxKHRMc2WIQ=
+sigs.k8s.io/controller-runtime v0.13.0/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/helm/solr-operator/crds/crds.yaml b/helm/solr-operator/crds/crds.yaml
index 9fbe7c6..2057b33 100644
--- a/helm/solr-operator/crds/crds.yaml
+++ b/helm/solr-operator/crds/crds.yaml
@@ -12,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -20,7 +19,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrbackups.solr.apache.org
spec:
@@ -106,11 +105,11 @@
type: integer
schedule:
description: "Perform a backup on the given schedule, in CRON
- format. \n Multiple CRON syntaxes are supported - Standard
- CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined
- Schedules (e.g. \"@yearly\", \"@weekly\", \"@daily\", etc.)
- \ - Intervals (e.g. \"@every 10h30m\") \n For more information
- please check this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
+ format. \n Multiple CRON syntaxes are supported - Standard CRON
+ (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", \"@daily\", etc.) - Intervals
+ (e.g. \"@every 10h30m\") \n For more information please check
+ this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
required:
- schedule
@@ -262,13 +261,6 @@
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -276,7 +268,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrclouds.solr.apache.org
spec:
@@ -387,6 +379,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
required:
- bucket
type: object
@@ -441,6 +434,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
credentialsFileSecret:
description: The name & key of a Kubernetes secret holding
an AWS credentials file
@@ -461,6 +455,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
secretAccessKeySecret:
description: The name & key of a Kubernetes secret holding
an AWS Secret Access Key
@@ -481,6 +476,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
sessionTokenSecret:
description: The name & key of a Kubernetes secret holding
an AWS Session Token
@@ -501,6 +497,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
endpoint:
description: The full endpoint URL to use when connecting
@@ -537,123 +534,128 @@
- ReadWriteMany`. Other options are to use a NFS volume.'
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an AWS
+ description: 'awsElasticBlockStore represents an AWS
Disk resource that is attached to a kubelet''s host
machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you
- want to mount. If omitted, the default is to mount
- by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the
- volume partition for /dev/sda is "0" (or you can
- leave the property empty).'
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set the
- ReadOnly property in VolumeMounts to "true". If
- omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk resource
- in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data Disk
+ description: azureDisk represents an Azure Data Disk
mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read Only,
- Read Write.'
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the blob
- storage
+ description: diskName is the Name of the data disk
+ in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob storage
+ description: diskURI is the URI of data disk in
+ the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple blob
- disks per storage account Dedicated: single blob
- disk per storage account Managed: azure managed
- data disk (only in managed availability set).
- defaults to shared'
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File Service
+ description: azureFile represents an Azure File Service
mount on the host and bind mount to the pod.
properties:
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains Azure
- Storage Account Name and Key
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on the
+ description: cephFS represents a Ceph FS mount on the
host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted root,
- rather than the full Ceph tree, default is /'
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path to
- key ring for User, default is /etc/ceph/user.secret
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is /etc/ceph/user.secret
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference to
- the authentication secret for User, default is
- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef is
+ reference to the authentication secret for User,
+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info:
@@ -662,32 +664,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user name,
- default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume attached
+ description: 'cinder represents a cinder volume attached
and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must be
- a filesystem type supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More info:
- https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points to a
+ secret object containing parameters used to connect
+ to OpenStack.'
properties:
name:
description: 'Name of the referent. More info:
@@ -696,33 +700,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the volume
+ description: 'volumeID used to identify the volume
in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that should
+ description: configMap represents a configMap that should
populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for
- mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This
- might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced ConfigMap
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file whose
name is the key and content is the value. If specified,
the listed keys will be projected into the specified
@@ -737,26 +742,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
type: string
required:
- key
@@ -769,28 +776,29 @@
uid?'
type: string
optional:
- description: Specify whether the ConfigMap or its
- keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your admin
for the correct name as registered in the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty value
- is passed to the associated CSI driver which will
- determine the default filesystem to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive information
to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
@@ -806,14 +814,15 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
+ description: readOnly specifies a read-only configuration
for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -822,7 +831,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API about
+ description: downwardAPI represents downward API about
the pod that should populate this volume
properties:
defaultMode:
@@ -864,6 +873,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be an
@@ -909,51 +919,52 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which means
- to use the node''s default medium. Must be an
- empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required
- for this EmptyDir volume. The size limit is also
- applicable for memory medium. The maximum usage
- on memory medium EmptyDir would be the minimum
- value between the SizeLimit specified here and
- the sum of memory limits of all containers in
- a pod. The default is nil which means that the
- limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The
+ size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that is
- handled by a cluster storage driver (Alpha feature).
- The volume's lifecycle is tied to the pod that defines
- it - it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if: a)
- the volume is only needed while the pod runs, b) features
- of normal volumes like restoring from snapshot or
- capacity tracking are needed, c) the storage driver
- is specified through a storage class, and d) the storage
- driver supports dynamic volume provisioning through
- \ a PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim). \n
- Use PersistentVolumeClaim or one of the vendor-specific
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features of
+ normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver
+ supports dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on
+ the connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the
lifecycle of an individual pod. \n Use CSI for light-weight
local ephemeral volumes if the CSI driver is meant
@@ -962,10 +973,6 @@
types of ephemeral volumes and persistent volumes
at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -1004,26 +1011,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired
+ description: 'accessModes contains the desired
access modes the volume should have. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to
- specify either: * An existing VolumeSnapshot
+ description: 'dataSource field can be used
+ to specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that implements
- data population (Alpha) In order to use
- custom resource types that implement data
- population, the AnyVolumeDataSource feature
- gate must be enabled. If the provisioner
- or an external controller can support
- the specified data source, it will create
- a new volume based on the contents of
- the specified data source.'
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on the
+ contents of the specified data source.
+ If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have
+ the same contents as the DataSourceRef
+ field.'
properties:
apiGroup:
description: APIGroup is the group for
@@ -1045,10 +1051,67 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the
+ object from which to populate the volume
+ with data, if a non-empty volume is desired.
+ This may be any local object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if the
+ type of the specified object matches some
+ installed volume populator or dynamic
+ provisioner. This field will replace the
+ functionality of the DataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, both fields (DataSource
+ and DataSourceRef) will be set to the
+ same value automatically if one of them
+ is empty and the other is non-empty. There
+ are two important differences between
+ DataSource and DataSourceRef: * While
+ DataSource only allows two specific types
+ of objects, DataSourceRef allows any non-core
+ object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed
+ values (dropping them), DataSourceRef
+ preserves all values, and generates an
+ error if a disallowed value is specified.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum
- resources the volume should have. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to
+ specify resource requirements that are
+ lower than previous value but must still
+ be higher than capacity recorded in the
+ status field of the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -1059,7 +1122,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -1074,12 +1137,12 @@
a container, it defaults to Limits
if that is explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query over
+ volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list
@@ -1132,9 +1195,11 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name
+ of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type
@@ -1143,7 +1208,7 @@
in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference
+ description: volumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
@@ -1152,74 +1217,75 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and then
exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must be
- a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. TODO: how
do we prevent errors in the filesystem from compromising
the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide names
- (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide identifiers
- (wwids) Either wwids or combination of targetWWNs
- and lun must be set, but not both simultaneously.'
+ description: 'wwids Optional: FC volume world wide
+ identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an exec
based plugin.
properties:
driver:
- description: Driver is the name of the driver to
+ description: driver is the name of the driver to
use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". The default
- filesystem depends on FlexVolume script.
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options if
- any.'
+ description: 'options is Optional: this field holds
+ extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference to
- the secret object containing sensitive information
- to pass to the plugin scripts. This may be empty
- if no secret object is specified. If the secret
- object contains more than one secret, all secrets
- are passed to the plugin scripts.'
+ description: 'secretRef is Optional: secretRef is
+ reference to the secret object containing sensitive
+ information to pass to the plugin scripts. This
+ may be empty if no secret object is specified.
+ If the secret object contains more than one secret,
+ all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info:
@@ -1228,32 +1294,33 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume attached
+ description: flocker represents a Flocker volume attached
to a kubelet's host machine. This depends on the Flocker
control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should be considered
- as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE Disk
+ description: 'gcePersistentDisk represents a GCE Disk
resource that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -1261,21 +1328,22 @@
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that you
- want to mount. If omitted, the default is to mount
- by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the
- volume partition for /dev/sda is "0" (or you can
- leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource in
- GCE. Used to identify the disk in GCE. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -1283,7 +1351,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository at
+ description: 'gitRepo represents a git repository at
a particular revision. DEPRECATED: GitRepo is deprecated.
To provision a container with a git repo, mount an
EmptyDir into an InitContainer that clones the repo
@@ -1291,37 +1359,38 @@
container.'
properties:
directory:
- description: Target directory name. Must not contain
- or start with '..'. If '.' is supplied, the volume
- directory will be the git repository. Otherwise,
- if specified, the volume will contain the git
- repository in the subdirectory with the given
- name.
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is
+ supplied, the volume directory will be the git
+ repository. Otherwise, if specified, the volume
+ will contain the git repository in the subdirectory
+ with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for the
+ specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint name
- that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -1330,7 +1399,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing file
+ description: 'hostPath represents a pre-existing file
or directory on the host machine that is directly
exposed to the container. This is generally used for
system agents or other privileged things that are
@@ -1341,71 +1410,73 @@
directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the link
to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine and
then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery CHAP
- authentication
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously,
- new iSCSI interface <target portal>:<volume name>
- will be created for the connection.
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses an iSCSI
- transport. Defaults to 'default' (tcp).
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port is
- other than default (typically TCP ports 860 and
- 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically TCP
+ ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and initiator
- authentication
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
properties:
name:
description: 'Name of the referent. More info:
@@ -1414,10 +1485,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal is
- either an IP or ip_addr:port if the port is other
- than default (typically TCP ports 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
type: string
required:
- iqn
@@ -1425,20 +1498,20 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the host
+ description: 'nfs represents an NFS mount on the host
that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS server.
+ description: 'path that is exported by the NFS server.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS export
+ description: 'readOnly here will force the NFS export
to be mounted with read-only permissions. Defaults
to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -1446,132 +1519,133 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource represents
+ description: 'persistentVolumeClaimVolumeSource represents
a reference to a PersistentVolumeClaim in the same
namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting in
- VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host
machine
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx volume
+ description: portworxVolume represents a portworx volume
attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem type
+ description: fSType represents the filesystem type
to mount Must be a filesystem type supported by
the host operating system. Ex. "ext4", "xfs".
Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a Portworx
+ description: volumeID uniquely identifies a Portworx
volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions on
- created files by default. Must be an octal value
- between 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Directories within the path are not affected
- by this setting. This might be in conflict with
- other options that affect the file mode, like
- fsGroup, and the result can be other mode bits
- set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path
+ are not affected by this setting. This might be
+ in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be
+ other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about the
+ configMap data to project
properties:
items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the
- volume as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap,
- the volume setup will error unless it
- is marked optional. Paths must be relative
- and may not contain the '..' path or
- start with '..'.
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits
- used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts
- both octal and decimal values,
- JSON requires decimal values for
- mode bits. If not specified, the
- volume defaultMode will be used.
- This might be in conflict with
- other options that affect the
- file mode, like fsGroup, and the
- result can be other mode bits
- set.'
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
format: int32
type: integer
path:
- description: The relative path of
- the file to map the key to. May
- not be an absolute path. May not
- contain the path element '..'.
- May not start with the string
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
'..'.
type: string
required:
@@ -1586,13 +1660,14 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -1621,6 +1696,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits
used to set permissions on this
@@ -1676,59 +1752,60 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about the
+ secret data to project
properties:
items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret,
- the volume setup will error unless it
- is marked optional. Paths must be relative
- and may not contain the '..' path or
- start with '..'.
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
items:
description: Maps a string key to a
path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits
- used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts
- both octal and decimal values,
- JSON requires decimal values for
- mode bits. If not specified, the
- volume defaultMode will be used.
- This might be in conflict with
- other options that affect the
- file mode, like fsGroup, and the
- result can be other mode bits
- set.'
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
format: int32
type: integer
path:
- description: The relative path of
- the file to map the key to. May
- not be an absolute path. May not
- contain the path element '..'.
- May not start with the string
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
'..'.
type: string
required:
@@ -1743,16 +1820,17 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify whether
+ the Secret or its key must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient of
a token must identify itself with an
identifier specified in the audience
@@ -1761,7 +1839,7 @@
the identifier of the apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is the
+ description: expirationSeconds is the
requested duration of validity of the
service account token. As the token
approaches expiration, the kubelet volume
@@ -1775,7 +1853,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to project
the token into.
type: string
@@ -1786,36 +1864,36 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount on the
+ description: quobyte represents a Quobyte mount on the
host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or multiple
+ description: registry represents a single or multiple
Quobyte Registry services specified as a string
as host:port pair (multiple entries are separated
with commas) which acts as the central registry
for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte volume
+ description: tenant owning the given Quobyte volume
in the Backend Used with dynamically provisioned
Quobyte volumes, value is set by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -1823,44 +1901,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device mount
+ description: 'rbd represents a Rados Block Device mount
on the host that shares a pod''s lifetime. More info:
https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume that
- you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring for
+ description: 'keyring is the path to key ring for
RBDUser. Default is /etc/ceph/keyring. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors. More
- info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is rbd.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides keyring.
Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -1871,38 +1951,40 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is admin.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Default is
- "xfs".
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO API
- Gateway.
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -1914,27 +1996,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for a
- volume should be ThickProvisioned or ThinProvisioned.
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system as configured
- in ScaleIO.
+ description: system is the name of the storage system
+ as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
type: string
required:
- gateway
@@ -1942,27 +2025,27 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for
- mode bits. Defaults to 0644. Directories within
- the path are not affected by this setting. This
- might be in conflict with other options that affect
- the file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value pair
- in the Data field of the referenced Secret will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
the listed keys will be projected into the specified
paths, and unlisted keys will not be present.
If a key is specified which is not present in
@@ -1975,26 +2058,28 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used to
- set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. If not specified,
- the volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the file
- to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
type: string
required:
- key
@@ -2002,30 +2087,31 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its keys
- must be defined
+ description: optional field specify whether the
+ Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s namespace
- to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write). ReadOnly
- here will force the ReadOnly setting in VolumeMounts.
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret to use
+ description: secretRef specifies the secret to use
for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -2036,13 +2122,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable name
+ description: volumeName is the human-readable name
of the StorageOS volume. Volume names are only
unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will be
used. This allows the Kubernetes name scoping
@@ -2054,26 +2141,27 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere volume
+ description: vsphereVolume represents a vSphere volume
attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must be a
- filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management (SPBM)
- profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management (SPBM)
- profile name.
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -2309,6 +2397,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
@@ -2415,10 +2504,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
@@ -2503,11 +2594,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -2609,10 +2766,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -2714,11 +2934,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -2820,10 +3106,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -2861,7 +3210,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -2874,7 +3223,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
envVars:
@@ -2890,14 +3239,15 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in
- the container and any service environment variables.
+ using the previously defined environment variables
+ in the container and any service environment variables.
If a variable cannot be resolved, the reference in
- the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to
- "".'
+ the input string will be unchanged. Double $$ are
+ reduced to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -2922,6 +3272,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -2940,6 +3291,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -2965,6 +3317,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -2986,6 +3339,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -3005,6 +3359,7 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
description: Additional init containers to run in the pod.
@@ -3015,29 +3370,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -3054,14 +3412,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -3086,6 +3446,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -3105,6 +3466,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -3131,6 +3493,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -3153,6 +3516,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -3185,6 +3549,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -3203,10 +3568,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -3231,9 +3597,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -3298,10 +3662,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3326,20 +3691,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -3404,10 +3766,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -3433,8 +3796,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3456,6 +3818,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3521,9 +3903,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3540,6 +3921,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3554,13 +3954,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -3608,8 +4008,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3631,6 +4030,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -3696,9 +4115,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -3715,6 +4133,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -3724,7 +4161,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -3734,7 +4171,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -3747,13 +4184,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -3762,12 +4200,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -3787,7 +4227,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -3795,11 +4237,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -3807,6 +4251,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -3826,7 +4272,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -3836,6 +4283,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -3858,7 +4307,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -3886,6 +4336,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -3897,6 +4349,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -3920,8 +4386,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -3943,6 +4408,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -4008,9 +4493,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -4027,6 +4511,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -4172,8 +4675,7 @@
the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4235,9 +4737,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -4260,18 +4764,17 @@
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption,
resource contention, etc. The handler is not called
- if the container crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination grace
- period countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
+ if the container crashes or exits. The Pod''s termination
+ grace period countdown begins before the PreStop hook
+ is executed. Regardless of the outcome of the handler,
the container will eventually terminate within the Pod''s
- termination grace period. Other management of the container
- blocks until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ termination grace period (unless delayed by finalizers).
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4333,9 +4836,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -4358,8 +4863,7 @@
description: Liveness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4380,6 +4884,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -4443,9 +4966,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -4462,6 +4984,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -4487,7 +5027,8 @@
in the volume will be owned by FSGroup) 3. The permission
bits are OR'd with rw-rw---- \n If unset, the Kubelet
will not modify the ownership and permissions of any
- volume."
+ volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -4498,14 +5039,16 @@
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
- "Always" is used.'
+ "Always" is used. Note that this field cannot be set
+ when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -4524,7 +5067,8 @@
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -4533,7 +5077,8 @@
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -4554,7 +5099,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -4579,7 +5125,8 @@
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID. If unspecified, no groups will be added
- to any container.
+ to any container. Note that this field cannot be set
+ when spec.os.name is windows.
items:
format: int64
type: integer
@@ -4587,7 +5134,8 @@
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
- the container runtime) might fail to launch.
+ the container runtime) might fail to launch. Note that
+ this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
@@ -4608,7 +5156,8 @@
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence.
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -4620,6 +5169,19 @@
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. This
+ field is alpha-level and will only be honored by
+ components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod.
+ All of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
@@ -4637,8 +5199,7 @@
description: Readiness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -4659,6 +5220,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -4722,9 +5302,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -4741,6 +5320,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -4760,7 +5357,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -4773,7 +5370,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
serviceAccountName:
@@ -4787,29 +5384,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -4826,14 +5426,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -4858,6 +5460,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -4877,6 +5480,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -4903,6 +5507,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -4925,6 +5530,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -4957,6 +5563,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -4975,10 +5582,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -5003,9 +5611,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -5070,10 +5676,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -5098,20 +5705,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -5176,10 +5780,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -5205,8 +5810,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -5228,6 +5832,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5293,9 +5917,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5312,6 +5935,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5326,13 +5968,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -5380,8 +6022,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -5403,6 +6044,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5468,9 +6129,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5487,6 +6147,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5496,7 +6175,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -5506,7 +6185,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -5519,13 +6198,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -5534,12 +6214,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -5559,7 +6241,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -5567,11 +6251,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -5579,6 +6265,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -5598,7 +6286,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -5608,6 +6297,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -5630,7 +6321,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -5658,6 +6350,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -5669,6 +6363,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -5692,8 +6400,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -5715,6 +6422,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -5780,9 +6507,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -5799,6 +6525,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -5932,8 +6677,7 @@
description: Startup probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -5954,6 +6698,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -6017,9 +6780,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -6036,6 +6798,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -6149,44 +6929,120 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with
+ labelSelector to select the group of existing pods
+ over which spreading will be calculated for the incoming
+ pod. Keys that don't exist in the incoming pod labels
+ will be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the
number of matching pods in the target topology and
- the global minimum. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
- spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- - if MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be
- scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ the global minimum. The global minimum is the minimum
+ number of matching pods in an eligible domain or zero
+ if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to
+ 1, and pods with the same labelSelector spread as
+ 2/2/1: In this case, the global minimum is 1. | zone1
+ | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3
+ to become 2/2/2; scheduling it onto zone1(zone2) would
+ make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto
+ any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies
that satisfy it. It''s a required field. Default value
is 1 and 0 is not allowed.'
format: int32
type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And
+ when the number of eligible domains with matching
+ topology keys equals or greater than minDomains, this
+ value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to
+ those domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are integers
+ greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone
+ cluster, MaxSkew is set to 2, MinDomains is set to
+ 5 and pods with the same labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains),
+ so \"global minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod
+ is scheduled to any of the three zones, it will violate
+ MaxSkew. \n This is a beta field and requires the
+ MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a alpha-level feature
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will
+ treat node taints when calculating pod topology spread
+ skew. Options are: - Honor: nodes without taints,
+ along with tainted nodes for which the incoming pod
+ has a toleration, are included. - Ignore: node taints
+ are ignored. All nodes are included. \n If this value
+ is nil, the behavior is equivalent to the Ignore policy.
+ This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try
- to put balanced number of pods into each bucket. It's
- a required field.
+ to put balanced number of pods into each bucket. We
+ define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose
+ nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal
with a pod if it doesn''t satisfy the spread constraint.
- DoNotSchedule (default) tells the scheduler not
to schedule it. - ScheduleAnyway tells the scheduler
- to schedule the pod in any location, but giving
- higher precedence to topologies that would help reduce
- the skew. A constraint is considered "Unsatisfiable"
- for an incoming pod if and only if every possible
- node assigment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
+ to schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the
+ skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node
+ assignment for that pod would violate "MaxSkew" on
+ some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
| P | P | If WhenUnsatisfiable is set to DoNotSchedule,
incoming pod can only be scheduled to zone2(zone3)
@@ -6262,76 +7118,76 @@
loaded into the solrCloud Pod
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
+ description: 'awsElasticBlockStore represents an
AWS Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data
+ description: azureDisk represents an Azure Data
Disk mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the
- blob storage
+ description: diskName is the Name of the data
+ disk in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob
- storage
+ description: diskURI is the URI of data disk
+ in the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed:
azure managed data disk (only in managed availability
set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
@@ -6340,55 +7196,58 @@
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File
+ description: azureFile represents an Azure File
Service mount on the host and bind mount to the
pod.
properties:
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on
+ description: cephFS represents a Ceph FS mount on
the host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More
@@ -6397,33 +7256,36 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume
+ description: 'cinder represents a cinder volume
attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More
@@ -6432,33 +7294,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the
+ description: 'volumeID used to identify the
volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that
+ description: configMap represents a configMap that
should populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items if unspecified, each key-value
pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -6474,29 +7337,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -6510,30 +7373,30 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your
admin for the correct name as registered in
the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive
information to pass to the CSI driver to complete
the CSI NodePublishVolume and NodeUnpublishVolume
@@ -6549,14 +7412,16 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -6565,7 +7430,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API
+ description: downwardAPI represents downward API
about the pod that should populate this volume
properties:
defaultMode:
@@ -6608,6 +7473,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used
to set permissions on this file, must
@@ -6658,66 +7524,63 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver (Alpha
- feature). The volume's lifecycle is tied to the
- pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed.
- \n Use this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes like
- restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage driver
- supports dynamic volume provisioning through a
- PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see
- the documentation of the driver for more information.
- \n A pod can use both types of ephemeral volumes
- and persistent volumes at the same time."
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -6758,27 +7621,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the
+ description: 'accessModes contains the
desired access modes the volume should
have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field
+ will always have the same contents
+ as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group
@@ -6801,10 +7662,72 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ local object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the DataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the other
+ is non-empty. There are two important
+ differences between DataSource and
+ DataSourceRef: * While DataSource
+ only allows two specific types of
+ objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores
+ disallowed values (dropping them),
+ DataSourceRef preserves all values,
+ and generates an error if a disallowed
+ value is specified. (Beta) Using this
+ field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the
+ description: 'resources represents the
minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -6815,7 +7738,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the
maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -6831,12 +7754,12 @@
defaults to Limits if that is
explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query
+ over volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is
@@ -6894,10 +7817,11 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what
@@ -6906,7 +7830,7 @@
when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding
+ description: volumeName is the binding
reference to the PersistentVolume
backing this claim.
type: string
@@ -6916,36 +7840,37 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and
then exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun
+ number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
of targetWWNs and lun must be set, but not
both simultaneously.'
items:
@@ -6953,40 +7878,40 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an
exec based plugin.
properties:
driver:
- description: Driver is the name of the driver
+ description: driver is the name of the driver
to use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options
- if any.'
+ description: 'options is Optional: this field
+ holds extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More
@@ -6995,57 +7920,59 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume
+ description: flocker represents a Flocker volume
attached to a kubelet's host machine. This depends
on the Flocker control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
+ description: 'gcePersistentDisk represents a GCE
Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -7053,7 +7980,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository
+ description: 'gitRepo represents a git repository
at a particular revision. DEPRECATED: GitRepo
is deprecated. To provision a container with a
git repo, mount an EmptyDir into an InitContainer
@@ -7061,38 +7988,39 @@
EmptyDir into the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for
+ the specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More
info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -7101,7 +8029,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing
+ description: 'hostPath represents a pre-existing
file or directory on the host machine that is
directly exposed to the container. This is generally
used for system agents or other privileged things
@@ -7112,74 +8040,76 @@
mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the
link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will
+ be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified
+ Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun
+ number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
properties:
name:
description: 'Name of the referent. More
@@ -7188,11 +8118,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -7200,21 +8131,21 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the
+ description: 'nfs represents an NFS mount on the
host that shares a pod''s lifetime More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS
+ description: 'path that is exported by the NFS
server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS
+ description: 'readOnly here will force the NFS
export to be mounted with read-only permissions.
Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -7222,97 +8153,98 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
+ description: 'persistentVolumeClaimVolumeSource
represents a reference to a PersistentVolumeClaim
in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this
volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets
host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx
+ description: portworxVolume represents a portworx
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem
+ description: fSType represents the filesystem
type to mount Must be a filesystem type supported
by the host operating system. Ex. "ext4",
"xfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a
+ description: volumeID uniquely identifies a
Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about
+ the configMap data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
the listed keys will be projected
into the specified paths, and unlisted
keys will not be present. If a key
@@ -7327,11 +8259,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -7348,9 +8281,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -7367,13 +8300,15 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -7403,6 +8338,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode
bits used to set permissions
@@ -7461,24 +8397,25 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about
+ the secret data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
keys will not be present. If a key
is specified which is not present
in the Secret, the volume setup
@@ -7491,11 +8428,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -7512,9 +8450,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -7531,16 +8469,19 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient
of a token must identify itself
with an identifier specified in
@@ -7550,7 +8491,7 @@
apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is
+ description: expirationSeconds is
the requested duration of validity
of the service account token. As
the token approaches expiration,
@@ -7565,7 +8506,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to
project the token into.
type: string
@@ -7576,37 +8517,37 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount
+ description: quobyte represents a Quobyte mount
on the host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or
+ description: registry represents a single or
multiple Quobyte Registry services specified
as a string as host:port pair (multiple entries
are separated with commas) which acts as the
central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte
+ description: tenant owning the given Quobyte
volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set
by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -7614,46 +8555,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device
+ description: 'rbd represents a Rados Block Device
mount on the host that shares a pod''s lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring
+ description: 'keyring is the path to key ring
for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides
keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -7664,39 +8605,41 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO
- API Gateway.
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -7708,27 +8651,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system
- as configured in ScaleIO.
+ description: system is the name of the storage
+ system as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
type: string
required:
- gateway
@@ -7736,25 +8680,25 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items If unspecified, each key-value
pair in the Data field of the referenced Secret
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -7770,29 +8714,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -7800,31 +8744,33 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its
- keys must be defined
+ description: optional field specify whether
+ the Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret
+ description: secretRef specifies the secret
to use for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -7835,13 +8781,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable
+ description: volumeName is the human-readable
name of the StorageOS volume. Volume names
are only unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will
be used. This allows the Kubernetes name
@@ -7854,26 +8801,28 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere
+ description: vsphereVolume represents a vSphere
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -7928,22 +8877,23 @@
the emptydir volume that will store Solr data.
properties:
medium:
- description: 'What type of storage medium should back
- this directory. The default is "" which means to use
- the node''s default medium. Must be an empty string
- (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage medium
+ should back this directory. The default is "" which
+ means to use the node''s default medium. Must be an
+ empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required for
- this EmptyDir volume. The size limit is also applicable
- for memory medium. The maximum usage on memory medium
- EmptyDir would be the minimum value between the SizeLimit
- specified here and the sum of memory limits of all containers
- in a pod. The default is nil which means that the limit
- is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local storage
+ required for this EmptyDir volume. The size limit is
+ also applicable for memory medium. The maximum usage
+ on memory medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the sum of
+ memory limits of all containers in a pod. The default
+ is nil which means that the limit is undefined. More
+ info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
@@ -7954,12 +8904,12 @@
otherwise hostPath takes precedence over EmptyDir."
properties:
path:
- description: 'Path of the directory on the host. If the
+ description: 'path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults to ""
+ description: 'type for HostPath Volume Defaults to ""
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
@@ -8018,22 +8968,21 @@
as in a PersistentVolumeClaim are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) * An existing
- custom resource that implements data population
- (Alpha) In order to use custom resource types that
- implement data population, the AnyVolumeDataSource
- feature gate must be enabled. If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source.'
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -8054,9 +9003,59 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -8066,7 +9065,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -8080,12 +9079,12 @@
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -8131,9 +9130,10 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -8141,20 +9141,20 @@
implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to
+ description: volumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
type: object
type: object
reclaimPolicy:
description: 'VolumeReclaimPolicy determines how the Solr
- Cloud''s PVCs will be treated after the cloud is deleted. -
- Retain: This is the default Kubernetes policy, where PVCs
+ Cloud''s PVCs will be treated after the cloud is deleted.
+ - Retain: This is the default Kubernetes policy, where PVCs
created for StatefulSets are not deleted when the StatefulSet
- is deleted. - Delete: The PVCs will be deleted by the
- Solr Operator after the SolrCloud object is deleted. The
- default value is Retain, so no data will be deleted unless
- explicitly configured.'
+ is deleted. - Delete: The PVCs will be deleted by the Solr
+ Operator after the SolrCloud object is deleted. The default
+ value is Retain, so no data will be deleted unless explicitly
+ configured.'
enum:
- Retain
- Delete
@@ -8342,6 +9342,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by an
@@ -8395,6 +9396,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false. This
@@ -8422,6 +9424,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if not
provided, then the keystore and password are used for the truststore
@@ -8443,6 +9446,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake Only
applies for server configuration
@@ -8540,6 +9544,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
probesRequireAuth:
description: Flag to indicate if the configured HTTP endpoint(s)
used for the probes require authentication; defaults to false.
@@ -8587,6 +9592,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by an
@@ -8640,6 +9646,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false. This
@@ -8667,6 +9674,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if not
provided, then the keystore and password are used for the truststore
@@ -8688,6 +9696,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake Only
applies for server configuration
@@ -8739,11 +9748,11 @@
type: string
restartSchedule:
description: "Perform a scheduled restart on the given schedule,
- in CRON format. \n Multiple CRON syntaxes are supported -
- Standard CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined
- Schedules (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals
- (e.g. \"@every 10h30m\") \n For more information please check
- this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
+ in CRON format. \n Multiple CRON syntaxes are supported - Standard
+ CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
+ 10h30m\") \n For more information please check this reference:
+ https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
type: object
zookeeperRef:
@@ -8821,9 +9830,9 @@
provided:
description: 'Create a new Zookeeper Ensemble with the following
spec Note: This option will not allow the SolrCloud to run across
- kube-clusters. Note: Requires - The zookeeperOperator flag
- to be provided to the Solr Operator - A zookeeper operator
- to be running'
+ kube-clusters. Note: Requires - The zookeeperOperator flag to
+ be provided to the Solr Operator - A zookeeper operator to be
+ running'
properties:
acl:
description: ZooKeeper ACL to use when connecting with ZK.
@@ -8957,23 +9966,24 @@
storage required for this EmptyDir volume.
properties:
medium:
- description: 'What type of storage medium should back
- this directory. The default is "" which means to
- use the node''s default medium. Must be an empty
- string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of storage
+ medium should back this directory. The default is
+ "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage required
- for this EmptyDir volume. The size limit is also
- applicable for memory medium. The maximum usage
- on memory medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the sum
- of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The size
+ limit is also applicable for memory medium. The
+ maximum usage on memory medium EmptyDir would be
+ the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that the
+ limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
@@ -9020,22 +10030,21 @@
get created.
properties:
accessModes:
- description: 'AccessModes contains the desired access
+ description: 'accessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim) * An existing
- custom resource that implements data population
- (Alpha) In order to use custom resource types that
- implement data population, the AnyVolumeDataSource
- feature gate must be enabled. If the provisioner
- or an external controller can support the specified
- data source, it will create a new volume based on
- the contents of the specified data source.'
+ description: 'dataSource field can be used to specify
+ either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim) If the
+ provisioner or an external controller can support
+ the specified data source, it will create a new
+ volume based on the contents of the specified data
+ source. If the AnyVolumeDataSource feature gate
+ is enabled, this field will always have the same
+ contents as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group for the resource
@@ -9056,9 +10065,59 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from
+ which to populate the volume with data, if a non-empty
+ volume is desired. This may be any local object
+ from a non-empty API group (non core object) or
+ a PersistentVolumeClaim object. When this field
+ is specified, volume binding will only succeed if
+ the type of the specified object matches some installed
+ volume populator or dynamic provisioner. This field
+ will replace the functionality of the DataSource
+ field and as such if both fields are non-empty,
+ they must have the same value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef) will
+ be set to the same value automatically if one of
+ them is empty and the other is non-empty. There
+ are two important differences between DataSource
+ and DataSourceRef: * While DataSource only allows
+ two specific types of objects, DataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores disallowed values
+ (dropping them), DataSourceRef preserves all values,
+ and generates an error if a disallowed value is
+ specified. (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced. If APIGroup is not specified,
+ the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of resource being
+ referenced
+ type: string
+ name:
+ description: Name is the name of resource being
+ referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the minimum resources
- the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ description: 'resources represents the minimum resources
+ the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to specify
+ resource requirements that are lower than previous
+ value but must still be higher than capacity recorded
+ in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -9068,7 +10127,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -9082,12 +10141,12 @@
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes to consider
- for binding.
+ description: selector is a label query over volumes
+ to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label
@@ -9133,9 +10192,10 @@
The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass required by
- the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the name of the
+ StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume
@@ -9143,7 +10203,7 @@
implied when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding reference to
+ description: volumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
type: object
@@ -9294,6 +10354,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in
@@ -9407,10 +10468,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules
@@ -9501,11 +10564,84 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies
- to (matches against); null or empty
- list means "this pod's namespace"
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
items:
type: string
type: array
@@ -9612,11 +10748,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -9725,11 +10927,84 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies
- to (matches against); null or empty
- list means "this pod's namespace"
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
items:
type: string
type: array
@@ -9836,11 +11111,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -9880,14 +11221,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are
- expanded using the previous defined environment
+ expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved, the
reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a double
- $$, ie: $$(VAR_NAME). Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -9912,6 +11255,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -9930,6 +11274,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -9956,6 +11301,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the
pod's namespace
@@ -9977,6 +11323,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -9997,6 +11344,7 @@
uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
labels:
additionalProperties:
@@ -10021,7 +11369,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -10034,7 +11382,7 @@
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
@@ -10050,7 +11398,8 @@
created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n
If unset, the Kubelet will not modify the ownership
- and permissions of any volume."
+ and permissions of any volume. Note that this field
+ cannot be set when spec.os.name is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -10061,7 +11410,9 @@
based ownership(and permissions). It will have no
effect on ephemeral volume types such as: secret,
configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.'
+ and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name
+ is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the
@@ -10069,7 +11420,8 @@
May also be set in SecurityContext. If set in both
SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for
- that container.
+ that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -10088,7 +11440,8 @@
image metadata if unspecified. May also be set in
SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -10098,7 +11451,8 @@
container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot
+ be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that
@@ -10119,7 +11473,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set
+ when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -10144,7 +11499,8 @@
description: A list of groups applied to the first
process run in each container, in addition to the
container's primary GID. If unspecified, no groups
- will be added to any container.
+ will be added to any container. Note that this field
+ cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
@@ -10153,6 +11509,8 @@
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls
(by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name
+ is windows.
items:
description: Sysctl defines a kernel parameter to
be set
@@ -10174,6 +11532,8 @@
a container's SecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -10185,6 +11545,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be honored
+ by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the
entrypoint of the container process. Defaults
@@ -10431,13 +11805,6 @@
specReplicasPath: .spec.replicas
statusReplicasPath: .status.readyReplicas
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
-
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -10445,7 +11812,7 @@
annotations:
operator.solr.apache.org/version: v0.7.0-prerelease
argocd.argoproj.io/sync-options: Replace=true
- controller-gen.kubebuilder.io/version: v0.6.0
+ controller-gen.kubebuilder.io/version: v0.10.0
creationTimestamp: null
name: solrprometheusexporters.solr.apache.org
spec:
@@ -10657,6 +12024,7 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
@@ -10763,10 +12131,12 @@
type: object
type: array
type: object
+ x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
+ x-kubernetes-map-type: atomic
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
@@ -10851,11 +12221,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -10957,10 +12393,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -11062,11 +12561,77 @@
ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which
- namespaces the labelSelector applies to
- (matches against); null or empty list
- means "this pod's namespace"
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
items:
type: string
type: array
@@ -11168,10 +12733,73 @@
only "value". The requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
namespaces:
- description: namespaces specifies which namespaces
- the labelSelector applies to (matches against);
- null or empty list means "this pod's namespace"
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace".
items:
type: string
type: array
@@ -11209,7 +12837,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -11222,7 +12850,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
envVars:
@@ -11238,14 +12866,15 @@
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
- using the previous defined environment variables in
- the container and any service environment variables.
+ using the previously defined environment variables
+ in the container and any service environment variables.
If a variable cannot be resolved, the reference in
- the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Defaults to
- "".'
+ the input string will be unchanged. Double $$ are
+ reduced to a single $, which allows for escaping the
+ $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
@@ -11270,6 +12899,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
@@ -11288,6 +12918,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -11313,6 +12944,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
@@ -11334,6 +12966,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -11353,6 +12986,7 @@
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
type: array
initContainers:
description: Additional init containers to run in the pod.
@@ -11363,29 +12997,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -11402,14 +13039,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -11434,6 +13073,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -11453,6 +13093,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -11479,6 +13120,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -11501,6 +13143,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -11533,6 +13176,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -11551,10 +13195,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -11579,9 +13224,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -11646,10 +13289,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -11674,20 +13318,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -11752,10 +13393,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -11781,8 +13423,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -11804,6 +13445,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -11869,9 +13530,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -11888,6 +13548,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -11902,13 +13581,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -11956,8 +13635,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -11979,6 +13657,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -12044,9 +13742,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -12063,6 +13760,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -12072,7 +13788,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -12082,7 +13798,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -12095,13 +13811,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -12110,12 +13827,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -12135,7 +13854,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -12143,11 +13864,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -12155,6 +13878,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -12174,7 +13899,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -12184,6 +13910,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -12206,7 +13934,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -12234,6 +13963,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -12245,6 +13976,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -12268,8 +14013,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -12291,6 +14035,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -12356,9 +14120,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -12375,6 +14138,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -12520,8 +14302,7 @@
the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -12583,9 +14364,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -12608,18 +14391,17 @@
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption,
resource contention, etc. The handler is not called
- if the container crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination grace
- period countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
+ if the container crashes or exits. The Pod''s termination
+ grace period countdown begins before the PreStop hook
+ is executed. Regardless of the outcome of the handler,
the container will eventually terminate within the Pod''s
- termination grace period. Other management of the container
- blocks until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ termination grace period (unless delayed by finalizers).
+ Other management of the container blocks until the hook
+ completes or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -12681,9 +14463,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of this field
+ and lifecycle hooks will fail in runtime when tcp
+ handler is specified.
properties:
host:
description: 'Optional: Host name to connect to,
@@ -12706,8 +14490,7 @@
description: Liveness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -12728,6 +14511,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -12791,9 +14593,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -12810,6 +14611,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -12835,7 +14654,8 @@
in the volume will be owned by FSGroup) 3. The permission
bits are OR'd with rw-rw---- \n If unset, the Kubelet
will not modify the ownership and permissions of any
- volume."
+ volume. Note that this field cannot be set when spec.os.name
+ is windows."
format: int64
type: integer
fsGroupChangePolicy:
@@ -12846,14 +14666,16 @@
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
- "Always" is used.'
+ "Always" is used. Note that this field cannot be set
+ when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
@@ -12872,7 +14694,8 @@
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
- for that container.
+ for that container. Note that this field cannot be set
+ when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -12881,7 +14704,8 @@
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
@@ -12902,7 +14726,8 @@
type: object
seccompProfile:
description: The seccomp options to use by the containers
- in this pod.
+ in this pod. Note that this field cannot be set when
+ spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -12927,7 +14752,8 @@
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID. If unspecified, no groups will be added
- to any container.
+ to any container. Note that this field cannot be set
+ when spec.os.name is windows.
items:
format: int64
type: integer
@@ -12935,7 +14761,8 @@
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
- the container runtime) might fail to launch.
+ the container runtime) might fail to launch. Note that
+ this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
@@ -12956,7 +14783,8 @@
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence.
+ specified in SecurityContext takes precedence. Note
+ that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
@@ -12968,6 +14796,19 @@
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container. This
+ field is alpha-level and will only be honored by
+ components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the feature
+ flag will result in errors when validating the Pod.
+ All of a Pod's containers must have the same effective
+ HostProcess value (it is not allowed to have a mix
+ of HostProcess containers and non-HostProcess containers). In
+ addition, if HostProcess is true then HostNetwork
+ must also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
@@ -12985,8 +14826,7 @@
description: Readiness probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -13007,6 +14847,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -13070,9 +14929,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -13089,6 +14947,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -13108,7 +14984,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -13121,7 +14997,7 @@
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
serviceAccountName:
@@ -13135,29 +15011,32 @@
to run within a pod.
properties:
args:
- description: 'Arguments to the entrypoint. The docker
+ description: 'Arguments to the entrypoint. The container
image''s CMD is used if this is not provided. Variable
references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a double $$,
- ie: $$(VAR_NAME). Escaped references will never be
- expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used if
- this is not provided. Variable references $(VAR_NAME)
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If
a variable cannot be resolved, the reference in the
- input string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
@@ -13174,14 +15053,16 @@
type: string
value:
description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined environment
+ are expanded using the previously defined environment
variables in the container and any service environment
variables. If a variable cannot be resolved,
the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to "".'
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
type: string
valueFrom:
description: Source for the environment variable's
@@ -13206,6 +15087,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
@@ -13225,6 +15107,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
@@ -13251,6 +15134,7 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
@@ -13273,6 +15157,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
type: object
required:
- name
@@ -13305,6 +15190,7 @@
must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
@@ -13323,10 +15209,11 @@
be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
type: object
type: array
image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config
management to default or override container images
in workload controllers like Deployments and StatefulSets.'
@@ -13351,9 +15238,7 @@
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -13418,10 +15303,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -13446,20 +15332,17 @@
or management event such as liveness/startup probe
failure, preemption, resource contention, etc.
The handler is not called if the container crashes
- or exits. The reason for termination is passed
- to the handler. The Pod''s termination grace period
- countdown begins before the PreStop hooked is
- executed. Regardless of the outcome of the handler,
- the container will eventually terminate within
- the Pod''s termination grace period. Other management
- of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line
@@ -13524,10 +15407,11 @@
- port
type: object
tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
properties:
host:
description: 'Optional: Host name to connect
@@ -13553,8 +15437,7 @@
be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -13576,6 +15459,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -13641,9 +15544,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -13660,6 +15562,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -13674,13 +15595,13 @@
type: string
ports:
description: List of ports to expose from the container.
- Exposing a port here gives the system additional information
- about the network connections a container uses, but
- is primarily informational. Not specifying a port
- here DOES NOT prevent that port from being exposed.
- Any port which is listening on the default "0.0.0.0"
- address inside a container will be accessible from
- the network. Cannot be updated.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
items:
description: ContainerPort represents a network port
in a single container.
@@ -13728,8 +15649,7 @@
the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -13751,6 +15671,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -13816,9 +15756,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -13835,6 +15774,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -13844,7 +15802,7 @@
type: object
resources:
description: 'Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
properties:
limits:
additionalProperties:
@@ -13854,7 +15812,7 @@
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -13867,13 +15825,14 @@
of compute resources required. If Requests is
omitted for a container, it defaults to Limits
if that is explicitly specified, otherwise to
- an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
securityContext:
- description: 'Security options the pod should run with.
- More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls
@@ -13882,12 +15841,14 @@
if the no_new_privs flag will be set on the container
process. AllowPrivilegeEscalation is true always
when the container is: 1) run as Privileged 2)
- has CAP_SYS_ADMIN'
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
- granted by the container runtime.
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
@@ -13907,7 +15868,9 @@
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
- to root on the host. Defaults to false.
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
type: boolean
procMount:
description: procMount denotes the type of proc
@@ -13915,11 +15878,13 @@
DefaultProcMount which uses the container runtime
defaults for readonly paths and masked paths.
This requires the ProcMountType feature flag to
- be enabled.
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
- root filesystem. Default is false.
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
@@ -13927,6 +15892,8 @@
May also be set in PodSecurityContext. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
format: int64
type: integer
runAsNonRoot:
@@ -13946,7 +15913,8 @@
in image metadata if unspecified. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
@@ -13956,6 +15924,8 @@
container. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
properties:
level:
description: Level is SELinux level label that
@@ -13978,7 +15948,8 @@
description: The seccomp options to use by this
container. If seccomp options are provided at
both the pod & container level, the container
- options override the pod options.
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
@@ -14006,6 +15977,8 @@
from the PodSecurityContext will be used. If set
in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
@@ -14017,6 +15990,20 @@
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process. Defaults
@@ -14040,8 +16027,7 @@
operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to
@@ -14063,6 +16049,26 @@
Defaults to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
@@ -14128,9 +16134,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO:
- implement a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving
+ a TCP port.
properties:
host:
description: 'Optional: Host name to connect
@@ -14147,6 +16152,25 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the
probe times out. Defaults to 1 second. Minimum
@@ -14280,8 +16304,7 @@
description: Startup probe parameters
properties:
exec:
- description: One and only one of the following should
- be specified. Exec specifies the action to take.
+ description: Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
@@ -14302,6 +16325,25 @@
to 3. Minimum value is 1.
format: int32
type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC
+ port. This is a beta field and requires enabling GRPCContainerProbe
+ feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number
+ must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service to
+ place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
@@ -14365,9 +16407,8 @@
format: int32
type: integer
tcpSocket:
- description: 'TCPSocket specifies an action involving
- a TCP port. TCP hooks not yet supported TODO: implement
- a realistic TCP lifecycle hook'
+ description: TCPSocket specifies an action involving a
+ TCP port.
properties:
host:
description: 'Optional: Host name to connect to, defaults
@@ -14384,6 +16425,24 @@
required:
- port
type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully upon probe failure. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. If this value is nil,
+ the pod's terminationGracePeriodSeconds will be used.
+ Otherwise, this value overrides the value provided by
+ the pod spec. Value must be non-negative integer. The
+ value zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta field
+ and requires enabling ProbeTerminationGracePeriod feature
+ gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
timeoutSeconds:
description: 'Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value is 1.
@@ -14497,44 +16556,120 @@
requirements are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label keys
+ to select the pods over which spreading will be calculated.
+ The keys are used to lookup values from the incoming
+ pod labels, those key-value labels are ANDed with
+ labelSelector to select the group of existing pods
+ over which spreading will be calculated for the incoming
+ pod. Keys that don't exist in the incoming pod labels
+ will be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which
pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the
number of matching pods in the target topology and
- the global minimum. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
- spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- - if MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be
- scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ the global minimum. The global minimum is the minimum
+ number of matching pods in an eligible domain or zero
+ if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to
+ 1, and pods with the same labelSelector spread as
+ 2/2/1: In this case, the global minimum is 1. | zone1
+ | zone2 | zone3 | | P P | P P | P | - if MaxSkew
+ is 1, incoming pod can only be scheduled to zone3
+ to become 2/2/2; scheduling it onto zone1(zone2) would
+ make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto
+ any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies
that satisfy it. It''s a required field. Default value
is 1 and 0 is not allowed.'
format: int32
type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible domains
+ with matching topology keys is less than minDomains,
+ Pod Topology Spread treats \"global minimum\" as 0,
+ and then the calculation of Skew is performed. And
+ when the number of eligible domains with matching
+ topology keys equals or greater than minDomains, this
+ value has no effect on scheduling. As a result, when
+ the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to
+ those domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are integers
+ greater than 0. When value is not nil, WhenUnsatisfiable
+ must be DoNotSchedule. \n For example, in a 3-zone
+ cluster, MaxSkew is set to 2, MinDomains is set to
+ 5 and pods with the same labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 | | P P | P P | P P |
+ The number of domains is less than 5(MinDomains),
+ so \"global minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod
+ is scheduled to any of the three zones, it will violate
+ MaxSkew. \n This is a beta field and requires the
+ MinDomainsInPodTopologySpread feature gate to be enabled
+ (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we will
+ treat Pod's nodeAffinity/nodeSelector when calculating
+ pod topology spread skew. Options are: - Honor: only
+ nodes matching nodeAffinity/nodeSelector are included
+ in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a alpha-level feature
+ enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we will
+ treat node taints when calculating pod topology spread
+ skew. Options are: - Honor: nodes without taints,
+ along with tainted nodes for which the incoming pod
+ has a toleration, are included. - Ignore: node taints
+ are ignored. All nodes are included. \n If this value
+ is nil, the behavior is equivalent to the Ignore policy.
+ This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
topologyKey:
description: TopologyKey is the key of node labels.
Nodes that have a label with this key and identical
values are considered to be in the same topology.
We consider each <key, value> as a "bucket", and try
- to put balanced number of pods into each bucket. It's
- a required field.
+ to put balanced number of pods into each bucket. We
+ define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose
+ nodes meet the requirements of nodeAffinityPolicy
+ and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
+ each Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is a domain
+ of that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal
with a pod if it doesn''t satisfy the spread constraint.
- DoNotSchedule (default) tells the scheduler not
to schedule it. - ScheduleAnyway tells the scheduler
- to schedule the pod in any location, but giving
- higher precedence to topologies that would help reduce
- the skew. A constraint is considered "Unsatisfiable"
- for an incoming pod if and only if every possible
- node assigment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same labelSelector
+ to schedule the pod in any location, but giving higher
+ precedence to topologies that would help reduce the
+ skew. A constraint is considered "Unsatisfiable" for
+ an incoming pod if and only if every possible node
+ assignment for that pod would violate "MaxSkew" on
+ some topology. For example, in a 3-zone cluster, MaxSkew
+ is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
| P | P | If WhenUnsatisfiable is set to DoNotSchedule,
incoming pod can only be scheduled to zone2(zone3)
@@ -14610,76 +16745,76 @@
loaded into the solrCloud Pod
properties:
awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
+ description: 'awsElasticBlockStore represents an
AWS Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty).'
format: int32
type: integer
readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
- description: AzureDisk represents an Azure Data
+ description: azureDisk represents an Azure Data
Disk mount on the host and bind mount to the pod.
properties:
cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
type: string
diskName:
- description: The Name of the data disk in the
- blob storage
+ description: diskName is the Name of the data
+ disk in the blob storage
type: string
diskURI:
- description: The URI the data disk in the blob
- storage
+ description: diskURI is the URI of data disk
+ in the blob storage
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
single blob disk per storage account Managed:
azure managed data disk (only in managed availability
set). defaults to shared'
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
@@ -14688,55 +16823,58 @@
- diskURI
type: object
azureFile:
- description: AzureFile represents an Azure File
+ description: azureFile represents an Azure File
Service mount on the host and bind mount to the
pod.
properties:
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
type: string
shareName:
- description: Share Name
+ description: shareName is the azure share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
- description: CephFS represents a Ceph FS mount on
+ description: cephFS represents a Ceph FS mount on
the host that shares a pod's lifetime
properties:
monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More
@@ -14745,33 +16883,36 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
- description: 'Cinder represents a cinder volume
+ description: 'cinder represents a cinder volume
attached and mounted on kubelets host machine.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
- description: 'Optional: Defaults to false (read/write).
+ description: 'readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More
@@ -14780,33 +16921,34 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeID:
- description: 'volume id used to identify the
+ description: 'volumeID used to identify the
volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
- description: ConfigMap represents a configMap that
+ description: configMap represents a configMap that
should populate this volume
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items if unspecified, each key-value
pair in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -14822,29 +16964,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -14858,30 +17000,30 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
csi:
- description: CSI (Container Storage Interface) represents
+ description: csi (Container Storage Interface) represents
ephemeral storage that is handled by certain external
CSI drivers (Beta feature).
properties:
driver:
- description: Driver is the name of the CSI driver
+ description: driver is the name of the CSI driver
that handles this volume. Consult with your
admin for the correct name as registered in
the cluster.
type: string
fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
+ description: nodePublishSecretRef is a reference
to the secret object containing sensitive
information to pass to the CSI driver to complete
the CSI NodePublishVolume and NodeUnpublishVolume
@@ -14897,14 +17039,16 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
- description: VolumeAttributes stores driver-specific
+ description: volumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for supported
values.
@@ -14913,7 +17057,7 @@
- driver
type: object
downwardAPI:
- description: DownwardAPI represents downward API
+ description: downwardAPI represents downward API
about the pod that should populate this volume
properties:
defaultMode:
@@ -14956,6 +17100,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode bits used
to set permissions on this file, must
@@ -15006,66 +17151,63 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
emptyDir:
- description: 'EmptyDir represents a temporary directory
+ description: 'emptyDir represents a temporary directory
that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver (Alpha
- feature). The volume's lifecycle is tied to the
- pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed.
- \n Use this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes like
- restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage driver
- supports dynamic volume provisioning through a
- PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see
- the documentation of the driver for more information.
- \n A pod can use both types of ephemeral volumes
- and persistent volumes at the same time."
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
properties:
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
volumeClaimTemplate:
description: "Will be used to create a stand-alone
PVC to provision the volume. The pod in which
@@ -15106,27 +17248,25 @@
are also valid here.
properties:
accessModes:
- description: 'AccessModes contains the
+ description: 'accessModes contains the
desired access modes the volume should
have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. If the AnyVolumeDataSource
+ feature gate is enabled, this field
+ will always have the same contents
+ as the DataSourceRef field.'
properties:
apiGroup:
description: APIGroup is the group
@@ -15149,10 +17289,72 @@
- kind
- name
type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ local object from a non-empty API
+ group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the DataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ both fields (DataSource and DataSourceRef)
+ will be set to the same value automatically
+ if one of them is empty and the other
+ is non-empty. There are two important
+ differences between DataSource and
+ DataSourceRef: * While DataSource
+ only allows two specific types of
+ objects, DataSourceRef allows any
+ non-core object, as well as PersistentVolumeClaim
+ objects. * While DataSource ignores
+ disallowed values (dropping them),
+ DataSourceRef preserves all values,
+ and generates an error if a disallowed
+ value is specified. (Beta) Using this
+ field requires the AnyVolumeDataSource
+ feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
resources:
- description: 'Resources represents the
+ description: 'resources represents the
minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
@@ -15163,7 +17365,7 @@
x-kubernetes-int-or-string: true
description: 'Limits describes the
maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
@@ -15179,12 +17381,12 @@
defaults to Limits if that is
explicitly specified, otherwise
to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
- description: A label query over volumes
- to consider for binding.
+ description: selector is a label query
+ over volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is
@@ -15242,10 +17444,11 @@
are ANDed.
type: object
type: object
+ x-kubernetes-map-type: atomic
storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what
@@ -15254,7 +17457,7 @@
when not included in claim spec.
type: string
volumeName:
- description: VolumeName is the binding
+ description: volumeName is the binding
reference to the PersistentVolume
backing this claim.
type: string
@@ -15264,36 +17467,37 @@
type: object
type: object
fc:
- description: FC represents a Fibre Channel resource
+ description: fc represents a Fibre Channel resource
that is attached to a kubelet's host machine and
then exposed to the pod.
properties:
fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
type: string
lun:
- description: 'Optional: FC target lun number'
+ description: 'lun is Optional: FC target lun
+ number'
format: int32
type: integer
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
items:
type: string
type: array
wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
of targetWWNs and lun must be set, but not
both simultaneously.'
items:
@@ -15301,40 +17505,40 @@
type: array
type: object
flexVolume:
- description: FlexVolume represents a generic volume
+ description: flexVolume represents a generic volume
resource that is provisioned/attached using an
exec based plugin.
properties:
driver:
- description: Driver is the name of the driver
+ description: driver is the name of the driver
to use for this volume.
type: string
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
type: string
options:
additionalProperties:
type: string
- description: 'Optional: Extra command options
- if any.'
+ description: 'options is Optional: this field
+ holds extra command options if any.'
type: object
readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More
@@ -15343,57 +17547,59 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
required:
- driver
type: object
flocker:
- description: Flocker represents a Flocker volume
+ description: flocker represents a Flocker volume
attached to a kubelet's host machine. This depends
on the Flocker control service being running
properties:
datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
type: string
datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
type: string
type: object
gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
+ description: 'gcePersistentDisk represents a GCE
Disk resource that is attached to a kubelet''s
host machine and then exposed to the pod. More
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property
empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
@@ -15401,7 +17607,7 @@
- pdName
type: object
gitRepo:
- description: 'GitRepo represents a git repository
+ description: 'gitRepo represents a git repository
at a particular revision. DEPRECATED: GitRepo
is deprecated. To provision a container with a
git repo, mount an EmptyDir into an InitContainer
@@ -15409,38 +17615,39 @@
EmptyDir into the Pod''s container.'
properties:
directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
type: string
repository:
- description: Repository URL
+ description: repository is the URL
type: string
revision:
- description: Commit hash for the specified revision.
+ description: revision is the commit hash for
+ the specified revision.
type: string
required:
- repository
type: object
glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
+ description: 'glusterfs represents a Glusterfs mount
on the host that shares a pod''s lifetime. More
info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
- description: 'Path is the Glusterfs volume path.
+ description: 'path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
- description: 'ReadOnly here will force the Glusterfs
+ description: 'readOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
@@ -15449,7 +17656,7 @@
- path
type: object
hostPath:
- description: 'HostPath represents a pre-existing
+ description: 'hostPath represents a pre-existing
file or directory on the host machine that is
directly exposed to the container. This is generally
used for system agents or other privileged things
@@ -15460,74 +17667,76 @@
mount host directories as read/write.'
properties:
path:
- description: 'Path of the directory on the host.
+ description: 'path of the directory on the host.
If the path is a symlink, it will follow the
link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
- description: 'Type for HostPath Volume Defaults
+ description: 'type for HostPath Volume Defaults
to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
+ description: 'iscsi represents an ISCSI Disk resource
that is attached to a kubelet''s host machine
and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
type: boolean
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface <target portal>:<volume name> will
+ be created for the connection.
type: string
iqn:
- description: Target iSCSI Qualified Name.
+ description: iqn is the target iSCSI Qualified
+ Name.
type: string
iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
type: string
lun:
- description: iSCSI Target Lun number.
+ description: lun represents iSCSI Target Lun
+ number.
format: int32
type: integer
portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
- description: ReadOnly here will force the ReadOnly
+ description: readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
properties:
name:
description: 'Name of the referent. More
@@ -15536,11 +17745,12 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
type: string
required:
- iqn
@@ -15548,21 +17758,21 @@
- targetPortal
type: object
nfs:
- description: 'NFS represents an NFS mount on the
+ description: 'nfs represents an NFS mount on the
host that shares a pod''s lifetime More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
- description: 'Path that is exported by the NFS
+ description: 'path that is exported by the NFS
server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
- description: 'ReadOnly here will force the NFS
+ description: 'readOnly here will force the NFS
export to be mounted with read-only permissions.
Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
- description: 'Server is the hostname or IP address
+ description: 'server is the hostname or IP address
of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
@@ -15570,97 +17780,98 @@
- server
type: object
persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
+ description: 'persistentVolumeClaimVolumeSource
represents a reference to a PersistentVolumeClaim
in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
+ description: 'claimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this
volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
+ description: photonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets
host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
pdID:
- description: ID that identifies Photon Controller
- persistent disk
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
- description: PortworxVolume represents a portworx
+ description: portworxVolume represents a portworx
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: FSType represents the filesystem
+ description: fSType represents the filesystem
type to mount Must be a filesystem type supported
by the host operating system. Ex. "ext4",
"xfs". Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
volumeID:
- description: VolumeID uniquely identifies a
+ description: volumeID uniquely identifies a
Portworx volume
type: string
required:
- volumeID
type: object
projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
properties:
defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
format: int32
type: integer
sources:
- description: list of volume projections
+ description: sources is the list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
- description: information about the configMap
- data to project
+ description: configMap information about
+ the configMap data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
the listed keys will be projected
into the specified paths, and unlisted
keys will not be present. If a key
@@ -15675,11 +17886,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -15696,9 +17908,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -15715,13 +17927,15 @@
kind, uid?'
type: string
optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
downwardAPI:
- description: information about the downwardAPI
- data to project
+ description: downwardAPI information about
+ the downwardAPI data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
@@ -15751,6 +17965,7 @@
required:
- fieldPath
type: object
+ x-kubernetes-map-type: atomic
mode:
description: 'Optional: mode
bits used to set permissions
@@ -15809,24 +18024,25 @@
required:
- resource
type: object
+ x-kubernetes-map-type: atomic
required:
- path
type: object
type: array
type: object
secret:
- description: information about the secret
- data to project
+ description: secret information about
+ the secret data to project
properties:
items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
keys will not be present. If a key
is specified which is not present
in the Secret, the volume setup
@@ -15839,11 +18055,12 @@
a path within a volume.
properties:
key:
- description: The key to project.
+ description: key is the key
+ to project.
type: string
mode:
- description: 'Optional: mode
- bits used to set permissions
+ description: 'mode is Optional:
+ mode bits used to set permissions
on this file. Must be an octal
value between 0000 and 0777
or a decimal value between
@@ -15860,9 +18077,9 @@
format: int32
type: integer
path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
path. May not contain the
path element '..'. May not
start with the string '..'.
@@ -15879,16 +18096,19 @@
kind, uid?'
type: string
optional:
- description: Specify whether the Secret
- or its key must be defined
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
type: boolean
type: object
+ x-kubernetes-map-type: atomic
serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
properties:
audience:
- description: Audience is the intended
+ description: audience is the intended
audience of the token. A recipient
of a token must identify itself
with an identifier specified in
@@ -15898,7 +18118,7 @@
apiserver.
type: string
expirationSeconds:
- description: ExpirationSeconds is
+ description: expirationSeconds is
the requested duration of validity
of the service account token. As
the token approaches expiration,
@@ -15913,7 +18133,7 @@
format: int64
type: integer
path:
- description: Path is the path relative
+ description: path is the path relative
to the mount point of the file to
project the token into.
type: string
@@ -15924,37 +18144,37 @@
type: array
type: object
quobyte:
- description: Quobyte represents a Quobyte mount
+ description: quobyte represents a Quobyte mount
on the host that shares a pod's lifetime
properties:
group:
- description: Group to map volume access to Default
+ description: group to map volume access to Default
is no group
type: string
readOnly:
- description: ReadOnly here will force the Quobyte
+ description: readOnly here will force the Quobyte
volume to be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
- description: Registry represents a single or
+ description: registry represents a single or
multiple Quobyte Registry services specified
as a string as host:port pair (multiple entries
are separated with commas) which acts as the
central registry for volumes
type: string
tenant:
- description: Tenant owning the given Quobyte
+ description: tenant owning the given Quobyte
volume in the Backend Used with dynamically
provisioned Quobyte volumes, value is set
by the plugin
type: string
user:
- description: User to map volume access to Defaults
+ description: user to map volume access to Defaults
to serivceaccount user
type: string
volume:
- description: Volume is a string that references
+ description: volume is a string that references
an already created Quobyte volume by name.
type: string
required:
@@ -15962,46 +18182,46 @@
- volume
type: object
rbd:
- description: 'RBD represents a Rados Block Device
+ description: 'rbd represents a Rados Block Device
mount on the host that shares a pod''s lifetime.
More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem
from compromising the machine'
type: string
image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
- description: 'Keyring is the path to key ring
+ description: 'keyring is the path to key ring
for RBDUser. Default is /etc/ceph/keyring.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
- description: 'ReadOnly here will force the ReadOnly
+ description: 'readOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
- description: 'SecretRef is name of the authentication
+ description: 'secretRef is name of the authentication
secret for RBDUser. If provided overrides
keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
@@ -16012,39 +18232,41 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
- description: ScaleIO represents a ScaleIO persistent
+ description: scaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
type: string
gateway:
- description: The host address of the ScaleIO
- API Gateway.
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
type: string
protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef references to the secret
+ description: secretRef references to the secret
for ScaleIO user and other sensitive information.
If this is not provided, Login operation will
fail.
@@ -16056,27 +18278,28 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
type: boolean
storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
type: string
storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
type: string
system:
- description: The name of the storage system
- as configured in ScaleIO.
+ description: system is the name of the storage
+ system as configured in ScaleIO.
type: string
volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
type: string
required:
- gateway
@@ -16084,25 +18307,25 @@
- system
type: object
secret:
- description: 'Secret represents a secret that should
+ description: 'secret represents a secret that should
populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
format: int32
type: integer
items:
- description: If unspecified, each key-value
+ description: items If unspecified, each key-value
pair in the Data field of the referenced Secret
will be projected into the volume as a file
whose name is the key and content is the value.
@@ -16118,29 +18341,29 @@
a volume.
properties:
key:
- description: The key to project.
+ description: key is the key to project.
type: string
mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
format: int32
type: integer
path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
type: string
required:
- key
@@ -16148,31 +18371,33 @@
type: object
type: array
optional:
- description: Specify whether the Secret or its
- keys must be defined
+ description: optional field specify whether
+ the Secret or its keys must be defined
type: boolean
secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
- description: StorageOS represents a StorageOS volume
+ description: storageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
type: string
readOnly:
- description: Defaults to false (read/write).
+ description: readOnly defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
- description: SecretRef specifies the secret
+ description: secretRef specifies the secret
to use for obtaining the StorageOS API credentials. If
not specified, default values will be attempted.
properties:
@@ -16183,13 +18408,14 @@
kind, uid?'
type: string
type: object
+ x-kubernetes-map-type: atomic
volumeName:
- description: VolumeName is the human-readable
+ description: volumeName is the human-readable
name of the StorageOS volume. Volume names
are only unique within a namespace.
type: string
volumeNamespace:
- description: VolumeNamespace specifies the scope
+ description: volumeNamespace specifies the scope
of the volume within StorageOS. If no namespace
is specified then the Pod's namespace will
be used. This allows the Kubernetes name
@@ -16202,26 +18428,28 @@
type: string
type: object
vsphereVolume:
- description: VsphereVolume represents a vSphere
+ description: vsphereVolume represents a vSphere
volume attached and mounted on kubelets host machine
properties:
fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
type: string
storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
type: string
storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
type: string
volumePath:
- description: Path that identifies vSphere volume
- vmdk
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
type: string
required:
- volumePath
@@ -16277,9 +18505,9 @@
type: integer
restartSchedule:
description: "Perform a scheduled restart on the given schedule, in
- CRON format. \n Multiple CRON syntaxes are supported - Standard
- CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
- (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
+ CRON format. \n Multiple CRON syntaxes are supported - Standard
+ CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules
+ (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every
10h30m\") \n For more information please check this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format"
type: string
scrapeInterval:
@@ -16417,6 +18645,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
mountedTLSDir:
description: Used to specify a path where the keystore, truststore,
and password files for the TLS certificate are mounted by
@@ -16471,6 +18700,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
restartOnTLSSecretUpdate:
description: Opt-in flag to restart Solr pods after TLS secret
updates, such as if the cert is renewed; default is false.
@@ -16499,6 +18729,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
trustStoreSecret:
description: TLS Secret containing a pkcs12 truststore; if
not provided, then the keystore and password are used for
@@ -16520,6 +18751,7 @@
required:
- key
type: object
+ x-kubernetes-map-type: atomic
verifyClientHostname:
description: Verify client's hostname during SSL handshake
Only applies for server configuration
@@ -16551,9 +18783,3 @@
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
diff --git a/helm/solr-operator/templates/role.yaml b/helm/solr-operator/templates/role.yaml
index aca8ccd..956b0aa 100644
--- a/helm/solr-operator/templates/role.yaml
+++ b/helm/solr-operator/templates/role.yaml
@@ -15,7 +15,6 @@
{{- if .Values.rbac.create }}
{{- range $namespace := (split "," (include "solr-operator.watchNamespaces" $)) }}
-
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ include "solr-operator.roleType" $ }}