Add currently unsupported ZookeeperCluster options (#558)
diff --git a/api/v1beta1/solrcloud_types.go b/api/v1beta1/solrcloud_types.go
index 5117b56..f78d3a0 100644
--- a/api/v1beta1/solrcloud_types.go
+++ b/api/v1beta1/solrcloud_types.go
@@ -772,12 +772,20 @@
// Number of members to create up for the ZK ensemble
// Defaults to 3
// +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:default=3
Replicas *int32 `json:"replicas,omitempty"`
// Image of Zookeeper to run
// +optional
Image *ContainerImage `json:"image,omitempty"`
+ // Labels specifies the labels to attach to all resources the operator
+ // creates for the zookeeper cluster, including StatefulSet, Pod,
+ // PersistentVolumeClaim, Service, ConfigMap, et al.
+ // +optional
+ Labels map[string]string `json:"labels,omitempty"`
+
// Persistence is the configuration for zookeeper persistent layer.
// PersistentVolumeClaimSpec and VolumeReclaimPolicy can be specified in here.
// At anypoint only one of Persistence or Ephemeral should be present in the manifest
@@ -815,6 +823,42 @@
// for the zookeeper pods.
// +optional
Probes *zkApi.Probes `json:"probes,omitempty"`
+
+ // Volumes defines to support customized volumes
+ // +optional
+ Volumes []corev1.Volume `json:"volumes,omitempty"`
+
+ // VolumeMounts defines to support customized volumeMounts
+ // +optional
+ VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
+
+ // MaxUnavailableReplicas defines the
+ // MaxUnavailable Replicas in pdb.
+ // Default is 1.
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:default=1
+ MaxUnavailableReplicas int32 `json:"maxUnavailableReplicas,omitempty"`
+
+ // Containers defines to support multi containers
+ // +optional
+ Containers []corev1.Container `json:"containers,omitempty"`
+
+ // Init containers to support initialization
+ // +optional
+ InitContainers []corev1.Container `json:"initContainers,omitempty"`
+
+ // AdminServerService defines the policy to create AdminServer Service
+ // for the zookeeper cluster.
+ AdminServerService zkApi.AdminServerServicePolicy `json:"adminServerService,omitempty"`
+
+ // ClientService defines the policy to create client Service
+ // for the zookeeper cluster.
+ ClientService zkApi.ClientServicePolicy `json:"clientService,omitempty"`
+
+ // HeadlessService defines the policy to create headless Service
+ // for the zookeeper cluster.
+ HeadlessService zkApi.HeadlessServicePolicy `json:"headlessService,omitempty"`
}
type ZKPersistence struct {
@@ -1034,6 +1078,10 @@
// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
// +optional
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+ // TopologySpreadConstraints to apply to the pods
+ // +optional
+ TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
}
// SolrCloudStatus defines the observed state of SolrCloud
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 3ef8333..18555db 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -1556,6 +1556,13 @@
*out = make([]v1.LocalObjectReference, len(*in))
copy(*out, *in)
}
+ if in.TopologySpreadConstraints != nil {
+ in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints
+ *out = make([]v1.TopologySpreadConstraint, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZookeeperPodPolicy.
@@ -1606,6 +1613,13 @@
*out = new(ContainerImage)
**out = **in
}
+ if in.Labels != nil {
+ in, out := &in.Labels, &out.Labels
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
if in.Persistence != nil {
in, out := &in.Persistence, &out.Persistence
*out = new(ZKPersistence)
@@ -1633,6 +1647,37 @@
*out = new(apiv1beta1.Probes)
(*in).DeepCopyInto(*out)
}
+ if in.Volumes != nil {
+ in, out := &in.Volumes, &out.Volumes
+ *out = make([]v1.Volume, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.VolumeMounts != nil {
+ in, out := &in.VolumeMounts, &out.VolumeMounts
+ *out = make([]v1.VolumeMount, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Containers != nil {
+ in, out := &in.Containers, &out.Containers
+ *out = make([]v1.Container, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.InitContainers != nil {
+ in, out := &in.InitContainers, &out.InitContainers
+ *out = make([]v1.Container, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ in.AdminServerService.DeepCopyInto(&out.AdminServerService)
+ in.ClientService.DeepCopyInto(&out.ClientService)
+ in.HeadlessService.DeepCopyInto(&out.HeadlessService)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZookeeperSpec.
diff --git a/config/crd/bases/solr.apache.org_solrclouds.yaml b/config/crd/bases/solr.apache.org_solrclouds.yaml
index 8908561..6202e29 100644
--- a/config/crd/bases/solr.apache.org_solrclouds.yaml
+++ b/config/crd/bases/solr.apache.org_solrclouds.yaml
@@ -9846,9 +9846,33 @@
- secret
- usernameKey
type: object
+ adminServerService:
+ description: AdminServerService defines the policy to create
+ AdminServer Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to AdminServer service the operator creates.
+ type: object
+ external:
+ type: boolean
+ type: object
chroot:
description: The ChRoot to connect solr at
type: string
+ clientService:
+ description: ClientService defines the policy to create client
+ Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to client service the operator creates.
+ type: object
+ type: object
config:
description: Additional Zookeeper Configuration settings
properties:
@@ -9941,6 +9965,1325 @@
in milliseconds \n The default value is 2000."
type: integer
type: object
+ containers:
+ description: Containers defines to support multi containers
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If
+ a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in
+ the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is
+ starting. When a key exists in multiple sources, the
+ value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will
+ take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never,
+ IfNotPresent. Defaults to Always if :latest tag is
+ specified, or IfNotPresent otherwise. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should
+ take in response to container lifecycle events. Cannot
+ be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after
+ a container is created. If the handler fails,
+ the container is terminated and restarted according
+ to its restart policy. Other management of the
+ container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before
+ a container is terminated due to an API request
+ or management event such as liveness/startup probe
+ failure, preemption, resource contention, etc.
+ The handler is not called if the container crashes
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's
+ IP address. This must be a valid port number,
+ 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host.
+ If specified, this must be a valid port number,
+ 0 < x < 65536. If HostNetwork is specified,
+ this must match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in
+ a pod must have a unique name. Name for the
+ port that can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP,
+ or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if
+ the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has
+ successfully initialized. If specified, no other probes
+ are executed until this completes successfully. If
+ this probe fails, the Pod will be restarted, just
+ as if the livenessProbe failed. This can be used to
+ provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time
+ to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will
+ always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close
+ the stdin channel after it has been opened by a single
+ attach. When stdin is true the stdin stream will remain
+ open across multiple attach sessions. If stdinOnce
+ is set to true, stdin is opened on container start,
+ is empty until the first client attaches to stdin,
+ and then remains open and accepts data until the client
+ disconnects, at which time stdin is closed and remains
+ closed until the container is restarted. If this flag
+ is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which
+ the container''s termination message will be written
+ is mounted into the container''s filesystem. Message
+ written is intended to be brief final status, such
+ as an assertion failure message. Will be truncated
+ by the node if greater than 4096 bytes. The total
+ message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot
+ be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should
+ be populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last
+ chunk of container log output if the termination message
+ file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines,
+ whichever is smaller. Defaults to File. Cannot be
+ updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which
+ might be configured in the container image. Cannot
+ be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
ephemeral:
description: Ephemeral is the configuration which helps create
ephemeral storage At anypoint only one of Persistence or
@@ -9977,6 +11320,17 @@
x-kubernetes-int-or-string: true
type: object
type: object
+ headlessService:
+ description: HeadlessService defines the policy to create
+ headless Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to headless service the operator creates.
+ type: object
+ type: object
image:
description: Image of Zookeeper to run
properties:
@@ -9991,6 +11345,1340 @@
tag:
type: string
type: object
+ initContainers:
+ description: Init containers to support initialization
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If
+ a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in
+ the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is
+ starting. When a key exists in multiple sources, the
+ value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will
+ take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never,
+ IfNotPresent. Defaults to Always if :latest tag is
+ specified, or IfNotPresent otherwise. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should
+ take in response to container lifecycle events. Cannot
+ be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after
+ a container is created. If the handler fails,
+ the container is terminated and restarted according
+ to its restart policy. Other management of the
+ container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before
+ a container is terminated due to an API request
+ or management event such as liveness/startup probe
+ failure, preemption, resource contention, etc.
+ The handler is not called if the container crashes
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's
+ IP address. This must be a valid port number,
+ 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host.
+ If specified, this must be a valid port number,
+ 0 < x < 65536. If HostNetwork is specified,
+ this must match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in
+ a pod must have a unique name. Name for the
+ port that can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP,
+ or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if
+ the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has
+ successfully initialized. If specified, no other probes
+ are executed until this completes successfully. If
+ this probe fails, the Pod will be restarted, just
+ as if the livenessProbe failed. This can be used to
+ provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time
+ to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will
+ always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close
+ the stdin channel after it has been opened by a single
+ attach. When stdin is true the stdin stream will remain
+ open across multiple attach sessions. If stdinOnce
+ is set to true, stdin is opened on container start,
+ is empty until the first client attaches to stdin,
+ and then remains open and accepts data until the client
+ disconnects, at which time stdin is closed and remains
+ closed until the container is restarted. If this flag
+ is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which
+ the container''s termination message will be written
+ is mounted into the container''s filesystem. Message
+ written is intended to be brief final status, such
+ as an assertion failure message. Will be truncated
+ by the node if greater than 4096 bytes. The total
+ message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot
+ be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should
+ be populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last
+ chunk of container log output if the termination message
+ file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines,
+ whichever is smaller. Defaults to File. Cannot be
+ updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which
+ might be configured in the container image. Cannot
+ be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels specifies the labels to attach to all
+ resources the operator creates for the zookeeper cluster,
+ including StatefulSet, Pod, PersistentVolumeClaim, Service,
+ ConfigMap, et al.
+ type: object
+ maxUnavailableReplicas:
+ default: 1
+ description: MaxUnavailableReplicas defines the MaxUnavailable
+ Replicas in pdb. Default is 1.
+ format: int32
+ minimum: 1
+ type: integer
persistence:
description: Persistence is the configuration for zookeeper
persistent layer. PersistentVolumeClaimSpec and VolumeReclaimPolicy
@@ -10315,10 +13003,1748 @@
- usernameKey
type: object
replicas:
+ default: 3
description: Number of members to create up for the ZK ensemble
Defaults to 3
format: int32
+ minimum: 1
type: integer
+ volumeMounts:
+ description: VolumeMounts defines to support customized volumeMounts
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the
+ volume should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and the
+ other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves
+ similarly to SubPath but environment variable references
+ $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes defines to support customized volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS
+ Disk resource that is attached to a kubelet''s host
+ machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is
+ reference to the authentication secret for User,
+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a
+ secret object containing parameters used to connect
+ to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your admin
+ for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no
+ secret is required. If the secret object contains
+ more than one secret, all secret references are
+ passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both
+ octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The
+ size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features of
+ normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver
+ supports dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on
+ the connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the
+ lifecycle of an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes
+ at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will be
+ the owner of the PVC, i.e. the PVC will be deleted
+ together with the pod. The name of the PVC will
+ be `<pod name>-<volume name>` where `<volume name>`
+ is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too
+ long). \n An existing PVC with that name that
+ is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by
+ mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created
+ PVC is meant to be used by the pod, the PVC has
+ to updated with an owner reference to the pod
+ once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually
+ reconstructing a broken cluster. \n This field
+ is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required,
+ must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be
+ rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into
+ the PVC that gets created from this template.
+ The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used
+ to specify either: * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on the
+ contents of the specified data source.
+ When the AnyVolumeDataSource feature gate
+ is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef
+ contents will be copied to dataSource
+ when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the
+ object from which to populate the volume
+ with data, if a non-empty volume is desired.
+ This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if the
+ type of the specified object matches some
+ installed volume populator or dynamic
+ provisioner. This field will replace the
+ functionality of the dataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the
+ same value automatically if one of them
+ is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value
+ and must be empty. There are three important
+ differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific
+ types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed
+ values (dropping them), dataSourceRef
+ preserves all values, and generates an
+ error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using
+ the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference. See
+ the ReferenceGrant documentation for
+ details. (Alpha) This field requires
+ the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to
+ specify resource requirements that are
+ lower than previous value but must still
+ be higher than capacity recorded in the
+ status field of the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container. \n
+ This is an alpha field and requires
+ enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the
+ name of one entry in pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the
+ minimum amount of compute resources
+ required. If Requests is omitted for
+ a container, it defaults to Limits
+ if that is explicitly specified, otherwise
+ to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name
+ of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type
+ of volume is required by the claim. Value
+ of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. TODO: how
+ do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide
+ identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an exec
+ based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is
+ reference to the secret object containing sensitive
+ information to pass to the plugin scripts. This
+ may be empty if no secret object is specified.
+ If the secret object contains more than one secret,
+ all secrets are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at
+ a particular revision. DEPRECATED: GitRepo is deprecated.
+ To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo
+ using git, then mount the EmptyDir into the Pod''s
+ container.'
+ properties:
+ directory:
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is
+ supplied, the volume directory will be the git
+ repository. Otherwise, if specified, the volume
+ will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file
+ or directory on the host machine that is directly
+ exposed to the container. This is generally used for
+ system agents or other privileged things that are
+ allowed to see the host machine. Most containers will
+ NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use
+ host directory mounts and who can/can not mount host
+ directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the link
+ to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine and
+ then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically TCP
+ ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host
+ that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same
+ namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type
+ to mount Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path
+ are not affected by this setting. This might be
+ in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be
+ other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits
+ used to set permissions on this
+ file, must be an octal value between
+ 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts
+ both octal and decimal values,
+ JSON requires decimal values for
+ mode bits. If not specified, the
+ volume defaultMode will be used.
+ This might be in conflict with
+ other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu and
+ requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient of
+ a token must identify itself with an
+ identifier specified in the audience
+ of the token, and otherwise should reject
+ the token. The audience defaults to
+ the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the
+ requested duration of validity of the
+ service account token. As the token
+ approaches expiration, the kubelet volume
+ plugin will proactively rotate the service
+ account token. The kubelet will start
+ trying to rotate the token if the token
+ is older than 80 percent of its time
+ to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must
+ be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string
+ as host:port pair (multiple entries are separated
+ with commas) which acts as the central registry
+ for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned
+ Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for
+ RBDUser. Default is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the Secret, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use
+ for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name
+ of the StorageOS volume. Volume names are only
+ unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will be
+ used. This allows the Kubernetes name scoping
+ to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default
+ behaviour. Set to "default" if you are not using
+ namespaces within StorageOS. Namespaces that do
+ not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
zookeeperPodPolicy:
description: Customization options for the Zookeeper Pod
properties:
@@ -11737,6 +16163,201 @@
type: string
type: object
type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to apply to the
+ pods
+ items:
+ description: TopologySpreadConstraint specifies how
+ to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching
+ pods. Pods that match this label selector are
+ counted to determine the number of pods in their
+ corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label
+ keys to select the pods over which spreading will
+ be calculated. The keys are used to lookup values
+ from the incoming pod labels, those key-value
+ labels are ANDed with labelSelector to select
+ the group of existing pods over which spreading
+ will be calculated for the incoming pod. Keys
+ that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which
+ pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between
+ the number of matching pods in the target topology
+ and the global minimum. The global minimum is
+ the minimum number of matching pods in an eligible
+ domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone
+ cluster, MaxSkew is set to 1, and pods with the
+ same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3
+ | | P P | P P | P | - if MaxSkew is 1,
+ incoming pod can only be scheduled to zone3 to
+ become 2/2/2; scheduling it onto zone1(zone2)
+ would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies
+ that satisfy it. It''s a required field. Default
+ value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible
+ domains with matching topology keys is less than
+ minDomains, Pod Topology Spread treats \"global
+ minimum\" as 0, and then the calculation of Skew
+ is performed. And when the number of eligible
+ domains with matching topology keys equals or
+ greater than minDomains, this value has no effect
+ on scheduling. As a result, when the number of
+ eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those
+ domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are
+ integers greater than 0. When value is not nil,
+ WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to
+ 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2: | zone1 | zone2
+ | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be
+ scheduled, because computed skew will be 3(3 -
+ 0) if new Pod is scheduled to any of the three
+ zones, it will violate MaxSkew. \n This is a beta
+ field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we
+ will treat Pod's nodeAffinity/nodeSelector when
+ calculating pod topology spread skew. Options
+ are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature
+ default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we
+ will treat node taints when calculating pod topology
+ spread skew. Options are: - Honor: nodes without
+ taints, along with tainted nodes for which the
+ incoming pod has a toleration, are included. -
+ Ignore: node taints are ignored. All nodes are
+ included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a
+ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels.
+ Nodes that have a label with this key and identical
+ values are considered to be in the same topology.
+ We consider each <key, value> as a "bucket", and
+ try to put balanced number of pods into each bucket.
+ We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain
+ as a domain whose nodes meet the requirements
+ of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
+ If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is
+ a domain of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to
+ deal with a pod if it doesn''t satisfy the spread
+ constraint. - DoNotSchedule (default) tells the
+ scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any
+ location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint
+ is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set
+ to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule,
+ incoming pod can only be scheduled to zone2(zone3)
+ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
+ satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t
+ make it *more* imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
type: object
type: object
type: object
diff --git a/controllers/controller_utils_test.go b/controllers/controller_utils_test.go
index f96dec9..561ccac 100644
--- a/controllers/controller_utils_test.go
+++ b/controllers/controller_utils_test.go
@@ -1028,4 +1028,39 @@
TimeoutSeconds: 0,
},
}
+ testZKAdminServerServicePolicy = zkApi.AdminServerServicePolicy{
+ External: true,
+ Annotations: map[string]string{
+ "testZKAS1": "valueS1",
+ "testZKAS2": "valueS2",
+ },
+ }
+ testZKClientServicePolicy = zkApi.ClientServicePolicy{
+ Annotations: map[string]string{
+ "testZKCS1": "valueS1",
+ "testZKCS2": "valueS2",
+ },
+ }
+ testZKHeadlessServicePolicy = zkApi.HeadlessServicePolicy{
+ Annotations: map[string]string{
+ "testZKCS1": "valueS1",
+ "testZKCS2": "valueS2",
+ },
+ }
+ testZkVolumes = []corev1.Volume{
+ {
+ Name: "vol1",
+ VolumeSource: corev1.VolumeSource{
+ EmptyDir: &corev1.EmptyDirVolumeSource{},
+ },
+ },
+ }
+ testZkVolumeMounts = []corev1.VolumeMount{
+ {
+ Name: "vol1",
+ ReadOnly: false,
+ MountPath: "/test/mount/path",
+ SubPath: "sub/",
+ },
+ }
)
diff --git a/controllers/solrcloud_controller_zk_test.go b/controllers/solrcloud_controller_zk_test.go
index 6451283..dcd6a75 100644
--- a/controllers/solrcloud_controller_zk_test.go
+++ b/controllers/solrcloud_controller_zk_test.go
@@ -216,10 +216,20 @@
SecurityContext: &testPodSecurityContext,
TerminationGracePeriodSeconds: testTerminationGracePeriodSeconds,
ImagePullSecrets: testAdditionalImagePullSecrets,
+ TopologySpreadConstraints: testTopologySpreadConstraints,
},
- Config: zkConf,
- ChRoot: "a-ch/root",
- Probes: &testZkProbes,
+ Config: zkConf,
+ ChRoot: "a-ch/root",
+ Probes: &testZkProbes,
+ InitContainers: extraContainers1,
+ Containers: extraContainers2,
+ Labels: testConfigMapLabels,
+ MaxUnavailableReplicas: 5,
+ AdminServerService: testZKAdminServerServicePolicy,
+ ClientService: testZKClientServicePolicy,
+ HeadlessService: testZKHeadlessServicePolicy,
+ Volumes: testZkVolumes,
+ VolumeMounts: testZkVolumeMounts,
},
},
CustomSolrKubeOptions: solrv1beta1.CustomSolrKubeOptions{
@@ -276,6 +286,14 @@
Expect(zkCluster.Spec.Ephemeral.EmptyDirVolumeSource.Medium).To(BeEquivalentTo("Memory"), "Incorrect EmptyDir medium for ZK Cluster ephemeral storage")
Expect(zkCluster.Spec.Persistence).To(BeNil(), "ZkCluster.spec.persistence should be nil when using ephermeral storage")
Expect(zkCluster.Spec.Probes).To(Equal(&testZkProbes), "Incorrect zkCluster probes")
+ Expect(zkCluster.Spec.InitContainers).To(Equal(extraContainers1), "Incorrect zkCluster initContainers")
+ Expect(zkCluster.Spec.Containers).To(Equal(extraContainers2), "Incorrect zkCluster containers")
+ Expect(zkCluster.Spec.MaxUnavailableReplicas).To(BeEquivalentTo(5), "Incorrect zkCluster maxUnavailableReplicas")
+ Expect(zkCluster.Spec.AdminServerService).To(Equal(testZKAdminServerServicePolicy), "Incorrect zkCluster adminServerService")
+ Expect(zkCluster.Spec.ClientService).To(Equal(testZKClientServicePolicy), "Incorrect zkCluster clientService")
+ Expect(zkCluster.Spec.HeadlessService).To(Equal(testZKHeadlessServicePolicy), "Incorrect zkCluster headlessService")
+ Expect(zkCluster.Spec.Volumes).To(Equal(testZkVolumes), "Incorrect zkCluster volumes")
+ Expect(zkCluster.Spec.VolumeMounts).To(Equal(testZkVolumeMounts), "Incorrect zkCluster volumeMounts")
// Check ZK Pod Options
Expect(zkCluster.Spec.Pod.Affinity).To(Equal(testAffinity), "Incorrect zkCluster affinity")
@@ -288,15 +306,15 @@
Expect(zkCluster.Spec.Pod.SecurityContext).To(Equal(&testPodSecurityContext), "Incorrect zkCluster pod securityContext")
Expect(zkCluster.Spec.Pod.TerminationGracePeriodSeconds).To(Equal(testTerminationGracePeriodSeconds), "Incorrect zkCluster pod terminationGracePeriodSeconds")
Expect(zkCluster.Spec.Pod.ImagePullSecrets).To(Equal(append(append(make([]corev1.LocalObjectReference, 0), testAdditionalImagePullSecrets...), corev1.LocalObjectReference{Name: testImagePullSecretName})), "Incorrect zkCluster imagePullSecrets")
+ Expect(zkCluster.Spec.Pod.TopologySpreadConstraints).To(Equal(testTopologySpreadConstraints), "Incorrect zkCluster pod topologySpreadConstraints")
- // NOTE: Spec.Pod.Labels doesn't presently function as intended in the
- // Zookeeper Operator, see https://github.com/pravega/zookeeper-operator/issues/511.
- // Documentation indicates that Spec.Labels is for passing pod labels.
- // This test will remain here in case the behavior changes on the
- // Zookeeper Operator in the future.
testZkPodLabels := util.MergeLabelsOrAnnotations(testSSLabels, map[string]string{"app": "foo-solrcloud-zookeeper", "release": "foo-solrcloud-zookeeper"})
Expect(zkCluster.Spec.Pod.Labels).To(Equal(testZkPodLabels), "Wrong zkCluster pod labels")
- Expect(zkCluster.Spec.Labels).To(Not(Equal(testZkPodLabels)), "Wrong zkCluster labels")
+ testZkClusterLabels := map[string]string{"solr-cloud": "foo", "technology": "zookeeper"}
+ Expect(zkCluster.Labels).To(Equal(testZkClusterLabels), "Wrong zkCluster labels")
+ testZkSpecLabels := util.MergeLabelsOrAnnotations(testConfigMapLabels, testZkClusterLabels)
+ testZkSpecLabels = util.MergeLabelsOrAnnotations(testZkSpecLabels, map[string]string{"app": "foo-solrcloud-zookeeper", "release": "foo-solrcloud-zookeeper"})
+ Expect(zkCluster.Spec.Labels).To(Equal(testZkSpecLabels), "Wrong zkCluster spec labels")
// Check ZK Config Options
Expect(zkCluster.Spec.Conf.InitLimit).To(Equal(zkConf.InitLimit), "Incorrect zkCluster Config InitLimit")
diff --git a/controllers/util/zk_util.go b/controllers/util/zk_util.go
index f3d1c38..45fd562 100644
--- a/controllers/util/zk_util.go
+++ b/controllers/util/zk_util.go
@@ -34,6 +34,11 @@
labels := solrCloud.SharedLabelsWith(solrCloud.GetLabels())
labels["technology"] = solrv1beta1.ZookeeperTechnologyLabel
+ zkSpecLabels := labels
+ if len(zkSpec.Labels) > 0 {
+ zkSpecLabels = MergeLabelsOrAnnotations(zkSpec.Labels, zkSpecLabels)
+ }
+
zkCluster := &zkApi.ZookeeperCluster{
ObjectMeta: metav1.ObjectMeta{
Name: solrCloud.ProvidedZookeeperName(),
@@ -46,7 +51,7 @@
Tag: zkSpec.Image.Tag,
PullPolicy: zkSpec.Image.PullPolicy,
},
- Labels: labels,
+ Labels: zkSpecLabels,
Replicas: *zkSpec.Replicas,
Ports: []corev1.ContainerPort{
{
@@ -62,7 +67,30 @@
ContainerPort: 3888,
},
},
- Conf: zkApi.ZookeeperConfig(zkSpec.Config),
+ Pod: zkApi.PodPolicy{
+ Labels: zkSpec.ZookeeperPod.Labels,
+ NodeSelector: zkSpec.ZookeeperPod.NodeSelector,
+ Affinity: zkSpec.ZookeeperPod.Affinity,
+ TopologySpreadConstraints: zkSpec.ZookeeperPod.TopologySpreadConstraints,
+ Resources: zkSpec.ZookeeperPod.Resources,
+ Tolerations: zkSpec.ZookeeperPod.Tolerations,
+ Env: zkSpec.ZookeeperPod.Env,
+ Annotations: zkSpec.ZookeeperPod.Annotations,
+ SecurityContext: zkSpec.ZookeeperPod.SecurityContext,
+ TerminationGracePeriodSeconds: zkSpec.ZookeeperPod.TerminationGracePeriodSeconds,
+ ServiceAccountName: zkSpec.ZookeeperPod.ServiceAccountName,
+ ImagePullSecrets: zkSpec.ZookeeperPod.ImagePullSecrets,
+ },
+ AdminServerService: zkSpec.AdminServerService,
+ ClientService: zkSpec.ClientService,
+ HeadlessService: zkSpec.HeadlessService,
+ Conf: zkApi.ZookeeperConfig(zkSpec.Config),
+ Containers: zkSpec.Containers,
+ InitContainers: zkSpec.InitContainers,
+ Volumes: zkSpec.Volumes,
+ VolumeMounts: zkSpec.VolumeMounts,
+ Probes: zkSpec.Probes,
+ MaxUnavailableReplicas: zkSpec.MaxUnavailableReplicas,
},
}
@@ -95,55 +123,10 @@
}
}
- // Append Pod Policies if provided by user
- if zkSpec.ZookeeperPod.Affinity != nil {
- zkCluster.Spec.Pod.Affinity = zkSpec.ZookeeperPod.Affinity
- }
-
- if zkSpec.ZookeeperPod.Resources.Limits != nil || zkSpec.ZookeeperPod.Resources.Requests != nil {
- zkCluster.Spec.Pod.Resources = zkSpec.ZookeeperPod.Resources
- }
-
- if zkSpec.ZookeeperPod.Tolerations != nil {
- zkCluster.Spec.Pod.Tolerations = zkSpec.ZookeeperPod.Tolerations
- }
-
- if zkSpec.ZookeeperPod.NodeSelector != nil {
- zkCluster.Spec.Pod.NodeSelector = zkSpec.ZookeeperPod.NodeSelector
- }
-
- if zkSpec.ZookeeperPod.Env != nil {
- zkCluster.Spec.Pod.Env = zkSpec.ZookeeperPod.Env
- }
-
if solrCloud.Spec.SolrAddressability.KubeDomain != "" {
zkCluster.Spec.KubernetesClusterDomain = solrCloud.Spec.SolrAddressability.KubeDomain
}
- if zkSpec.ZookeeperPod.ServiceAccountName != "" {
- zkCluster.Spec.Pod.ServiceAccountName = zkSpec.ZookeeperPod.ServiceAccountName
- }
-
- if len(zkSpec.ZookeeperPod.Labels) > 0 {
- zkCluster.Spec.Pod.Labels = zkSpec.ZookeeperPod.Labels
- }
-
- if len(zkSpec.ZookeeperPod.Annotations) > 0 {
- zkCluster.Spec.Pod.Annotations = zkSpec.ZookeeperPod.Annotations
- }
-
- if zkSpec.ZookeeperPod.SecurityContext != nil {
- zkCluster.Spec.Pod.SecurityContext = zkSpec.ZookeeperPod.SecurityContext
- }
-
- if zkSpec.ZookeeperPod.TerminationGracePeriodSeconds != 0 {
- zkCluster.Spec.Pod.TerminationGracePeriodSeconds = zkSpec.ZookeeperPod.TerminationGracePeriodSeconds
- }
-
- if len(zkSpec.ZookeeperPod.ImagePullSecrets) > 0 {
- zkCluster.Spec.Pod.ImagePullSecrets = zkSpec.ZookeeperPod.ImagePullSecrets
- }
-
if zkSpec.Image.ImagePullSecret != "" {
if len(zkSpec.ZookeeperPod.ImagePullSecrets) > 0 {
zkCluster.Spec.Pod.ImagePullSecrets = append(zkCluster.Spec.Pod.ImagePullSecrets, corev1.LocalObjectReference{Name: zkSpec.Image.ImagePullSecret})
@@ -152,10 +135,6 @@
}
}
- if zkSpec.Probes != nil {
- zkCluster.Spec.Probes = zkSpec.Probes
- }
-
// Add defaults that the ZK Operator should set itself, otherwise we will have problems with reconcile loops.
zkCluster.WithDefaults()
return zkCluster
@@ -173,6 +152,12 @@
}
to.Spec.Replicas = from.Spec.Replicas
+ if !DeepEqualWithNils(to.Spec.Labels, from.Spec.Labels) {
+ logger.Info("Update required because field changed", "field", "Spec.Labels", "from", to.Spec.Labels, "to", from.Spec.Labels)
+ requireUpdate = true
+ to.Spec.Labels = from.Spec.Labels
+ }
+
if !DeepEqualWithNils(to.Spec.Image.Repository, from.Spec.Image.Repository) {
logger.Info("Update required because field changed", "field", "Spec.Image.Repository", "from", to.Spec.Image.Repository, "to", from.Spec.Image.Repository)
requireUpdate = true
@@ -337,6 +322,12 @@
to.Spec.Pod.ImagePullSecrets = from.Spec.Pod.ImagePullSecrets
}
+ if !DeepEqualWithNils(to.Spec.Pod.TopologySpreadConstraints, from.Spec.Pod.TopologySpreadConstraints) {
+ logger.Info("Update required because field changed", "field", "Spec.Pod.TopologySpreadConstraints", "from", to.Spec.Pod.TopologySpreadConstraints, "to", from.Spec.Pod.TopologySpreadConstraints)
+ requireUpdate = true
+ to.Spec.Pod.TopologySpreadConstraints = from.Spec.Pod.TopologySpreadConstraints
+ }
+
if !DeepEqualWithNils(to.Spec.KubernetesClusterDomain, from.Spec.KubernetesClusterDomain) && from.Spec.KubernetesClusterDomain != "" {
logger.Info("Update required because field changed", "field", "Spec.KubernetesClusterDomain", "from", to.Spec.KubernetesClusterDomain, "to", from.Spec.KubernetesClusterDomain)
requireUpdate = true
@@ -355,6 +346,54 @@
to.Spec.Conf = from.Spec.Conf
}
+ if !DeepEqualWithNils(to.Spec.Containers, from.Spec.Containers) {
+ logger.Info("Update required because field changed", "field", "Spec.Containers", "from", to.Spec.Containers, "to", from.Spec.Containers)
+ requireUpdate = true
+ to.Spec.Containers = from.Spec.Containers
+ }
+
+ if !DeepEqualWithNils(to.Spec.InitContainers, from.Spec.InitContainers) {
+ logger.Info("Update required because field changed", "field", "Spec.InitContainers", "from", to.Spec.InitContainers, "to", from.Spec.InitContainers)
+ requireUpdate = true
+ to.Spec.InitContainers = from.Spec.InitContainers
+ }
+
+ if !DeepEqualWithNils(to.Spec.Volumes, from.Spec.Volumes) {
+ logger.Info("Update required because field changed", "field", "Spec.Volumes", "from", to.Spec.Volumes, "to", from.Spec.Volumes)
+ requireUpdate = true
+ to.Spec.Volumes = from.Spec.Volumes
+ }
+
+ if !DeepEqualWithNils(to.Spec.VolumeMounts, from.Spec.VolumeMounts) {
+ logger.Info("Update required because field changed", "field", "Spec.VolumeMounts", "from", to.Spec.VolumeMounts, "to", from.Spec.VolumeMounts)
+ requireUpdate = true
+ to.Spec.VolumeMounts = from.Spec.VolumeMounts
+ }
+
+ if !DeepEqualWithNils(to.Spec.AdminServerService, from.Spec.AdminServerService) {
+ logger.Info("Update required because field changed", "field", "Spec.AdminServerService", "from", to.Spec.AdminServerService, "to", from.Spec.AdminServerService)
+ requireUpdate = true
+ to.Spec.AdminServerService = from.Spec.AdminServerService
+ }
+
+ if !DeepEqualWithNils(to.Spec.ClientService, from.Spec.ClientService) {
+ logger.Info("Update required because field changed", "field", "Spec.ClientService", "from", to.Spec.ClientService, "to", from.Spec.ClientService)
+ requireUpdate = true
+ to.Spec.ClientService = from.Spec.ClientService
+ }
+
+ if !DeepEqualWithNils(to.Spec.HeadlessService, from.Spec.HeadlessService) {
+ logger.Info("Update required because field changed", "field", "Spec.ClientService", "from", to.Spec.HeadlessService, "to", from.Spec.HeadlessService)
+ requireUpdate = true
+ to.Spec.HeadlessService = from.Spec.HeadlessService
+ }
+
+ if !DeepEqualWithNils(to.Spec.MaxUnavailableReplicas, from.Spec.MaxUnavailableReplicas) {
+ logger.Info("Update required because field changed", "field", "Spec.MaxUnavailableReplicas", "from", to.Spec.MaxUnavailableReplicas, "to", from.Spec.MaxUnavailableReplicas)
+ requireUpdate = true
+ to.Spec.MaxUnavailableReplicas = from.Spec.MaxUnavailableReplicas
+ }
+
return requireUpdate
}
diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml
index 1c0ff90..08064ef 100644
--- a/helm/solr-operator/Chart.yaml
+++ b/helm/solr-operator/Chart.yaml
@@ -179,10 +179,17 @@
- kind: fixed
description: Use correct user & group for chmod command in cp-solr-xml init container
links:
- - name: GitHub PR
- url: https://github.com/apache/solr-operator/pull/520
- name: GitHub Issue
url: https://github.com/apache/solr-operator/issues/519
+ - name: GitHub PR
+ url: https://github.com/apache/solr-operator/pull/520
+ - kind: added
+ description: Add missing ZookeeperCluster customization options.
+ links:
+ - name: GitHub Issue
+ url: https://github.com/apache/solr-operator/issues/557
+ - name: GitHub PR
+ url: https://github.com/apache/solr-operator/pull/558
artifacthub.io/images: |
- name: solr-operator
image: apache/solr-operator:v0.7.0-prerelease
diff --git a/helm/solr-operator/crds/crds.yaml b/helm/solr-operator/crds/crds.yaml
index 4e02209..52f8f22 100644
--- a/helm/solr-operator/crds/crds.yaml
+++ b/helm/solr-operator/crds/crds.yaml
@@ -10095,9 +10095,33 @@
- secret
- usernameKey
type: object
+ adminServerService:
+ description: AdminServerService defines the policy to create
+ AdminServer Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to AdminServer service the operator creates.
+ type: object
+ external:
+ type: boolean
+ type: object
chroot:
description: The ChRoot to connect solr at
type: string
+ clientService:
+ description: ClientService defines the policy to create client
+ Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to client service the operator creates.
+ type: object
+ type: object
config:
description: Additional Zookeeper Configuration settings
properties:
@@ -10190,6 +10214,1325 @@
in milliseconds \n The default value is 2000."
type: integer
type: object
+ containers:
+ description: Containers defines to support multi containers
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If
+ a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in
+ the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is
+ starting. When a key exists in multiple sources, the
+ value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will
+ take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never,
+ IfNotPresent. Defaults to Always if :latest tag is
+ specified, or IfNotPresent otherwise. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should
+ take in response to container lifecycle events. Cannot
+ be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after
+ a container is created. If the handler fails,
+ the container is terminated and restarted according
+ to its restart policy. Other management of the
+ container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before
+ a container is terminated due to an API request
+ or management event such as liveness/startup probe
+ failure, preemption, resource contention, etc.
+ The handler is not called if the container crashes
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's
+ IP address. This must be a valid port number,
+ 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host.
+ If specified, this must be a valid port number,
+ 0 < x < 65536. If HostNetwork is specified,
+ this must match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in
+ a pod must have a unique name. Name for the
+ port that can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP,
+ or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if
+ the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has
+ successfully initialized. If specified, no other probes
+ are executed until this completes successfully. If
+ this probe fails, the Pod will be restarted, just
+ as if the livenessProbe failed. This can be used to
+ provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time
+ to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will
+ always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close
+ the stdin channel after it has been opened by a single
+ attach. When stdin is true the stdin stream will remain
+ open across multiple attach sessions. If stdinOnce
+ is set to true, stdin is opened on container start,
+ is empty until the first client attaches to stdin,
+ and then remains open and accepts data until the client
+ disconnects, at which time stdin is closed and remains
+ closed until the container is restarted. If this flag
+ is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which
+ the container''s termination message will be written
+ is mounted into the container''s filesystem. Message
+ written is intended to be brief final status, such
+ as an assertion failure message. Will be truncated
+ by the node if greater than 4096 bytes. The total
+ message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot
+ be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should
+ be populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last
+ chunk of container log output if the termination message
+ file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines,
+ whichever is smaller. Defaults to File. Cannot be
+ updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which
+ might be configured in the container image. Cannot
+ be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
ephemeral:
description: Ephemeral is the configuration which helps create
ephemeral storage At anypoint only one of Persistence or
@@ -10226,6 +11569,17 @@
x-kubernetes-int-or-string: true
type: object
type: object
+ headlessService:
+ description: HeadlessService defines the policy to create
+ headless Service for the zookeeper cluster.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations specifies the annotations to
+ attach to headless service the operator creates.
+ type: object
+ type: object
image:
description: Image of Zookeeper to run
properties:
@@ -10240,6 +11594,1340 @@
tag:
type: string
type: object
+ initContainers:
+ description: Init containers to support initialization
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved, the
+ reference in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for escaping
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
+ the string literal "$(VAR_NAME)". Escaped references
+ will never be expanded, regardless of whether the
+ variable exists or not. Cannot be updated. More info:
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is used
+ if this is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment. If
+ a variable cannot be resolved, the reference in the
+ input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable exists
+ or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in
+ the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Defaults
+ to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is
+ starting. When a key exists in multiple sources, the
+ value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will
+ take precedence. Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always, Never,
+ IfNotPresent. Defaults to Always if :latest tag is
+ specified, or IfNotPresent otherwise. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system should
+ take in response to container lifecycle events. Cannot
+ be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately after
+ a container is created. If the handler fails,
+ the container is terminated and restarted according
+ to its restart policy. Other management of the
+ container blocks until the hook completes. More
+ info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately before
+ a container is terminated due to an API request
+ or management event such as liveness/startup probe
+ failure, preemption, resource contention, etc.
+ The handler is not called if the container crashes
+ or exits. The Pod''s termination grace period
+ countdown begins before the PreStop hook is executed.
+ Regardless of the outcome of the handler, the
+ container will eventually terminate within the
+ Pod''s termination grace period (unless delayed
+ by finalizers). Other management of the container
+ blocks until the hook completes or until the termination
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT supported
+ as a LifecycleHandler and kept for the backward
+ compatibility. There are no validation of
+ this field and lifecycle hooks will fail in
+ runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that port
+ from being exposed. Any port which is listening on
+ the default "0.0.0.0" address inside a container will
+ be accessible from the network. Modifying this array
+ with strategic merge patch may corrupt the data. For
+ more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the pod's
+ IP address. This must be a valid port number,
+ 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the host.
+ If specified, this must be a valid port number,
+ 0 < x < 65536. If HostNetwork is specified,
+ this must match ContainerPort. Most containers
+ do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an IANA_SVC_NAME
+ and unique within the pod. Each named port in
+ a pod must have a unique name. Name for the
+ port that can be referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP, TCP,
+ or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service readiness.
+ Container will be removed from service endpoints if
+ the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resources:
+ description: 'Compute Resources required by this container.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name of one
+ entry in pod.spec.resourceClaims of the
+ Pod where this field is used. It makes that
+ resource available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount
+ of compute resources required. If Requests is
+ omitted for a container, it defaults to Limits
+ if that is explicitly specified, otherwise to
+ an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ securityContext:
+ description: 'SecurityContext defines the security options
+ the container should be run with. If set, the fields
+ of SecurityContext override the equivalent fields
+ of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges than
+ its parent process. This bool directly controls
+ if the no_new_privs flag will be set on the container
+ process. AllowPrivilegeEscalation is true always
+ when the container is: 1) run as Privileged 2)
+ has CAP_SYS_ADMIN Note that this field cannot
+ be set when spec.os.name is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when running
+ containers. Defaults to the default set of capabilities
+ granted by the container runtime. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode. Processes
+ in privileged containers are essentially equivalent
+ to root on the host. Defaults to false. Note that
+ this field cannot be set when spec.os.name is
+ windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default is
+ DefaultProcMount which uses the container runtime
+ defaults for readonly paths and masked paths.
+ This requires the ProcMountType feature flag to
+ be enabled. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that this
+ field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will
+ validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start
+ the container if it does. If unset or false, no
+ such validation will be performed. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified
+ in image metadata if unspecified. May also be
+ set in PodSecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in
+ SecurityContext takes precedence. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ the container. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided at
+ both the pod & container level, the container
+ options override the pod options. Note that this
+ field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must only be set if type is "Localhost".
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file
+ on the node should be used. RuntimeDefault
+ - the container runtime default profile should
+ be used. Unconfined - no profile should be
+ applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the
+ GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ This field is alpha-level and will only be
+ honored by components that enable the WindowsHostProcessContainers
+ feature flag. Setting this field without the
+ feature flag will result in errors when validating
+ the Pod. All of a Pod's containers must have
+ the same effective HostProcess value (it is
+ not allowed to have a mix of HostProcess containers
+ and non-HostProcess containers). In addition,
+ if HostProcess is true then HostNetwork must
+ also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run
+ the entrypoint of the container process. Defaults
+ to the user specified in image metadata if
+ unspecified. May also be set in PodSecurityContext.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod has
+ successfully initialized. If specified, no other probes
+ are executed until this completes successfully. If
+ this probe fails, the Pod will be restarted, just
+ as if the livenessProbe failed. This can be used to
+ provide different probe parameters at the beginning
+ of a Pod''s lifecycle, when it might take a long time
+ to load data or warm a cache, than during steady-state
+ operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line to
+ execute inside the container, the working
+ directory for the command is root ('/') in
+ the container's filesystem. The command is
+ simply exec'd, it is not run inside a shell,
+ so traditional shell instructions ('|', etc)
+ won't work. To use a shell, you need to explicitly
+ call out to that shell. Exit status of 0 is
+ treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for the
+ probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port. This is a beta field and requires
+ enabling GRPCContainerProbe feature gate.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the service
+ to place in the gRPC HealthCheckRequest (see
+ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default behavior
+ is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set "Host"
+ in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting to
+ the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform the
+ probe. Default to 10 seconds. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for the
+ probe to be considered successful after having
+ failed. Defaults to 1. Must be 1 for liveness
+ and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port to access
+ on the container. Number must be in the range
+ 1 to 65535. Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod
+ needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after
+ the processes running in the pod are sent a termination
+ signal and the time when the processes are forcibly
+ halted with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value must
+ be non-negative integer. The value zero indicates
+ stop immediately via the kill signal (no opportunity
+ to shut down). This is a beta field and requires
+ enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which the
+ probe times out. Defaults to 1 second. Minimum
+ value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will
+ always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should close
+ the stdin channel after it has been opened by a single
+ attach. When stdin is true the stdin stream will remain
+ open across multiple attach sessions. If stdinOnce
+ is set to true, stdin is opened on container start,
+ is empty until the first client attaches to stdin,
+ and then remains open and accepts data until the client
+ disconnects, at which time stdin is closed and remains
+ closed until the container is restarted. If this flag
+ is false, a container processes that reads from stdin
+ will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to which
+ the container''s termination message will be written
+ is mounted into the container''s filesystem. Message
+ written is intended to be brief final status, such
+ as an assertion failure message. Will be truncated
+ by the node if greater than 4096 bytes. The total
+ message length across all containers will be limited
+ to 12kb. Defaults to /dev/termination-log. Cannot
+ be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message should
+ be populated. File will use the contents of terminationMessagePath
+ to populate the container status message on both success
+ and failure. FallbackToLogsOnError will use the last
+ chunk of container log output if the termination message
+ file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines,
+ whichever is smaller. Defaults to File. Cannot be
+ updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which
+ the volume should be mounted. Must not contain
+ ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and
+ the other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults to
+ false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted. Defaults
+ to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from
+ which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment
+ variable references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not specified,
+ the container runtime's default will be used, which
+ might be configured in the container image. Cannot
+ be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels specifies the labels to attach to all
+ resources the operator creates for the zookeeper cluster,
+ including StatefulSet, Pod, PersistentVolumeClaim, Service,
+ ConfigMap, et al.
+ type: object
+ maxUnavailableReplicas:
+ default: 1
+ description: MaxUnavailableReplicas defines the MaxUnavailable
+ Replicas in pdb. Default is 1.
+ format: int32
+ minimum: 1
+ type: integer
persistence:
description: Persistence is the configuration for zookeeper
persistent layer. PersistentVolumeClaimSpec and VolumeReclaimPolicy
@@ -10564,10 +13252,1748 @@
- usernameKey
type: object
replicas:
+ default: 3
description: Number of members to create up for the ZK ensemble
Defaults to 3
format: int32
+ minimum: 1
type: integer
+ volumeMounts:
+ description: VolumeMounts defines to support customized volumeMounts
+ items:
+ description: VolumeMount describes a mounting of a Volume
+ within a container.
+ properties:
+ mountPath:
+ description: Path within the container at which the
+ volume should be mounted. Must not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how mounts
+ are propagated from the host to container and the
+ other way around. When not set, MountPropagationNone
+ is used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write otherwise
+ (false or unspecified). Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which the container's
+ volume should be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume from which
+ the container's volume should be mounted. Behaves
+ similarly to SubPath but environment variable references
+ $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr and SubPath
+ are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes defines to support customized volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an AWS
+ Disk resource that is attached to a kubelet''s host
+ machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force the
+ readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors is
+ a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef is
+ reference to the authentication secret for User,
+ default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the rados
+ user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume attached
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Examples: "ext4", "xfs", "ntfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points to a
+ secret object containing parameters used to connect
+ to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the volume
+ in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the ConfigMap, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your admin
+ for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is passed
+ to the associated CSI driver which will determine
+ the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive information
+ to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no
+ secret is required. If the secret object contains
+ more than one secret, all secret references are
+ passed.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only configuration
+ for the volume. Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on created
+ files by default. Must be a Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used to
+ set permissions on this file, must be an
+ octal value between 0000 and 0777 or a decimal
+ value between 0 and 511. YAML accepts both
+ octal and decimal values, JSON requires
+ decimal values for mode bits. If not specified,
+ the volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, requests.cpu and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of storage
+ medium should back this directory. The default
+ is "" which means to use the node''s default medium.
+ Must be an empty string (default) or Memory. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount of local
+ storage required for this EmptyDir volume. The
+ size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would
+ be the minimum value between the SizeLimit specified
+ here and the sum of memory limits of all containers
+ in a pod. The default is nil which means that
+ the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that is
+ handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it - it
+ will be created before the pod starts, and deleted
+ when the pod is removed. \n Use this if: a) the volume
+ is only needed while the pod runs, b) features of
+ normal volumes like restoring from snapshot or capacity
+ tracking are needed, c) the storage driver is specified
+ through a storage class, and d) the storage driver
+ supports dynamic volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information on
+ the connection between this volume type and PersistentVolumeClaim).
+ \n Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the
+ lifecycle of an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of the
+ driver for more information. \n A pod can use both
+ types of ephemeral volumes and persistent volumes
+ at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will be
+ the owner of the PVC, i.e. the PVC will be deleted
+ together with the pod. The name of the PVC will
+ be `<pod name>-<volume name>` where `<volume name>`
+ is the name from the `PodSpec.Volumes` array entry.
+ Pod validation will reject the pod if the concatenated
+ name is not valid for a PVC (for example, too
+ long). \n An existing PVC with that name that
+ is not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume by
+ mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created
+ PVC is meant to be used by the pod, the PVC has
+ to updated with an owner reference to the pod
+ once the pod exists. Normally this should not
+ be necessary, but it may be useful when manually
+ reconstructing a broken cluster. \n This field
+ is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required,
+ must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when creating
+ it. No other fields are allowed and will be
+ rejected during validation.
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged into
+ the PVC that gets created from this template.
+ The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired
+ access modes the volume should have. More
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used
+ to specify either: * An existing VolumeSnapshot
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller
+ can support the specified data source,
+ it will create a new volume based on the
+ contents of the specified data source.
+ When the AnyVolumeDataSource feature gate
+ is enabled, dataSource contents will be
+ copied to dataSourceRef, and dataSourceRef
+ contents will be copied to dataSource
+ when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef
+ will not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the
+ object from which to populate the volume
+ with data, if a non-empty volume is desired.
+ This may be any object from a non-empty
+ API group (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if the
+ type of the specified object matches some
+ installed volume populator or dynamic
+ provisioner. This field will replace the
+ functionality of the dataSource field
+ and as such if both fields are non-empty,
+ they must have the same value. For backwards
+ compatibility, when namespace isn''t specified
+ in dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to the
+ same value automatically if one of them
+ is empty and the other is non-empty. When
+ namespace is specified in dataSourceRef,
+ dataSource isn''t set to the same value
+ and must be empty. There are three important
+ differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific
+ types of objects, dataSourceRef allows
+ any non-core object, as well as PersistentVolumeClaim
+ objects. * While dataSource ignores disallowed
+ values (dropping them), dataSourceRef
+ preserves all values, and generates an
+ error if a disallowed value is specified.
+ * While dataSource only allows local objects,
+ dataSourceRef allows objects in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource
+ feature gate to be enabled. (Alpha) Using
+ the namespace field of dataSourceRef requires
+ the CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for
+ the resource being referenced. If
+ APIGroup is not specified, the specified
+ Kind must be in the core API group.
+ For any other third-party types, APIGroup
+ is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference. See
+ the ReferenceGrant documentation for
+ details. (Alpha) This field requires
+ the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the minimum
+ resources the volume should have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed to
+ specify resource requirements that are
+ lower than previous value but must still
+ be higher than capacity recorded in the
+ status field of the claim. More info:
+ https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container. \n
+ This is an alpha field and requires
+ enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the
+ name of one entry in pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum
+ amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the
+ minimum amount of compute resources
+ required. If Requests is omitted for
+ a container, it defaults to Limits
+ if that is explicitly specified, otherwise
+ to an implementation-defined value.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name
+ of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type
+ of volume is required by the claim. Value
+ of Filesystem is implied when not included
+ in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. TODO: how
+ do we prevent errors in the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world wide
+ identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an exec
+ based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". The
+ default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults to
+ false (read/write). ReadOnly here will force the
+ ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef is
+ reference to the secret object containing sensitive
+ information to pass to the plugin scripts. This
+ may be empty if no secret object is specified.
+ If the secret object contains more than one secret,
+ all secrets are passed to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset for
+ Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE Disk
+ resource that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the volume
+ that you want to mount. Tip: Ensure that the filesystem
+ type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred
+ to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in the
+ volume that you want to mount. If omitted, the
+ default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for /dev/sda
+ is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD resource
+ in GCE. Used to identify the disk in GCE. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository at
+ a particular revision. DEPRECATED: GitRepo is deprecated.
+ To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo
+ using git, then mount the EmptyDir into the Pod''s
+ container.'
+ properties:
+ directory:
+ description: directory is the target directory name.
+ Must not contain or start with '..'. If '.' is
+ supplied, the volume directory will be the git
+ repository. Otherwise, if specified, the volume
+ will contain the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name that
+ details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing file
+ or directory on the host machine that is directly
+ exposed to the container. This is generally used for
+ system agents or other privileged things that are
+ allowed to see the host machine. Most containers will
+ NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can use
+ host directory mounts and who can/can not mount host
+ directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the link
+ to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine and
+ then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI Initiator
+ Name. If initiatorName is specified with iscsiInterface
+ simultaneously, new iSCSI interface <target portal>:<volume
+ name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface Name
+ that uses an iSCSI transport. Defaults to 'default'
+ (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically TCP
+ ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port if
+ the port is other than default (typically TCP
+ ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the host
+ that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS export
+ to be mounted with read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource represents
+ a reference to a PersistentVolumeClaim in the same
+ namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly setting
+ in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem type
+ to mount Must be a filesystem type supported by
+ the host operating system. Ex. "ext4", "xfs".
+ Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Directories within the path
+ are not affected by this setting. This might be
+ in conflict with other options that affect the
+ file mode, like fsGroup, and the result can be
+ other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced ConfigMap will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the ConfigMap, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits
+ used to set permissions on this
+ file, must be an octal value between
+ 0000 and 0777 or a decimal value
+ between 0 and 511. YAML accepts
+ both octal and decimal values,
+ JSON requires decimal values for
+ mode bits. If not specified, the
+ volume defaultMode will be used.
+ This might be in conflict with
+ other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu and
+ requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: items if unspecified, each
+ key-value pair in the Data field of
+ the referenced Secret will be projected
+ into the volume as a file whose name
+ is the key and content is the value.
+ If specified, the listed keys will be
+ projected into the specified paths,
+ and unlisted keys will not be present.
+ If a key is specified which is not present
+ in the Secret, the volume setup will
+ error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777 or
+ a decimal value between 0 and
+ 511. YAML accepts both octal and
+ decimal values, JSON requires
+ decimal values for mode bits.
+ If not specified, the volume defaultMode
+ will be used. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the key
+ to. May not be an absolute path.
+ May not contain the path element
+ '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient of
+ a token must identify itself with an
+ identifier specified in the audience
+ of the token, and otherwise should reject
+ the token. The audience defaults to
+ the identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is the
+ requested duration of validity of the
+ service account token. As the token
+ approaches expiration, the kubelet volume
+ plugin will proactively rotate the service
+ account token. The kubelet will start
+ trying to rotate the token if the token
+ is older than 80 percent of its time
+ to live or if the token is older than
+ 24 hours.Defaults to 1 hour and must
+ be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or multiple
+ Quobyte Registry services specified as a string
+ as host:port pair (multiple entries are separated
+ with commas) which acts as the central registry
+ for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte volume
+ in the Backend Used with dynamically provisioned
+ Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device mount
+ on the host that shares a pod''s lifetime. More info:
+ https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type of the
+ volume that you want to mount. Tip: Ensure that
+ the filesystem type is supported by the host operating
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring for
+ RBDUser. Default is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false. More
+ info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides keyring.
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Default
+ is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the storage
+ for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that is
+ associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode bits
+ used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or
+ a decimal value between 0 and 511. YAML accepts
+ both octal and decimal values, JSON requires decimal
+ values for mode bits. Defaults to 0644. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options that
+ affect the file mode, like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file whose
+ name is the key and content is the value. If specified,
+ the listed keys will be projected into the specified
+ paths, and unlisted keys will not be present.
+ If a key is specified which is not present in
+ the Secret, the volume setup will error unless
+ it is marked optional. Paths must be relative
+ and may not contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file. Must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. If
+ not specified, the volume defaultMode will
+ be used. This might be in conflict with
+ other options that affect the file mode,
+ like fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path of
+ the file to map the key to. May not be an
+ absolute path. May not contain the path
+ element '..'. May not start with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the secret
+ in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret to use
+ for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable name
+ of the StorageOS volume. Volume names are only
+ unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will be
+ used. This allows the Kubernetes name scoping
+ to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default
+ behaviour. Set to "default" if you are not using
+ namespaces within StorageOS. Namespaces that do
+ not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host
+ operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
zookeeperPodPolicy:
description: Customization options for the Zookeeper Pod
properties:
@@ -11986,6 +16412,201 @@
type: string
type: object
type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints to apply to the
+ pods
+ items:
+ description: TopologySpreadConstraint specifies how
+ to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching
+ pods. Pods that match this label selector are
+ counted to determine the number of pods in their
+ corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: MatchLabelKeys is a set of pod label
+ keys to select the pods over which spreading will
+ be calculated. The keys are used to lookup values
+ from the incoming pod labels, those key-value
+ labels are ANDed with labelSelector to select
+ the group of existing pods over which spreading
+ will be calculated for the incoming pod. Keys
+ that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match
+ against labelSelector.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which
+ pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between
+ the number of matching pods in the target topology
+ and the global minimum. The global minimum is
+ the minimum number of matching pods in an eligible
+ domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone
+ cluster, MaxSkew is set to 1, and pods with the
+ same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3
+ | | P P | P P | P | - if MaxSkew is 1,
+ incoming pod can only be scheduled to zone3 to
+ become 2/2/2; scheduling it onto zone1(zone2)
+ would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies
+ that satisfy it. It''s a required field. Default
+ value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible
+ domains with matching topology keys is less than
+ minDomains, Pod Topology Spread treats \"global
+ minimum\" as 0, and then the calculation of Skew
+ is performed. And when the number of eligible
+ domains with matching topology keys equals or
+ greater than minDomains, this value has no effect
+ on scheduling. As a result, when the number of
+ eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those
+ domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are
+ integers greater than 0. When value is not nil,
+ WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to
+ 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2: | zone1 | zone2
+ | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be
+ scheduled, because computed skew will be 3(3 -
+ 0) if new Pod is scheduled to any of the three
+ zones, it will violate MaxSkew. \n This is a beta
+ field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we
+ will treat Pod's nodeAffinity/nodeSelector when
+ calculating pod topology spread skew. Options
+ are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature
+ default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we
+ will treat node taints when calculating pod topology
+ spread skew. Options are: - Honor: nodes without
+ taints, along with tainted nodes for which the
+ incoming pod has a toleration, are included. -
+ Ignore: node taints are ignored. All nodes are
+ included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a
+ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels.
+ Nodes that have a label with this key and identical
+ values are considered to be in the same topology.
+ We consider each <key, value> as a "bucket", and
+ try to put balanced number of pods into each bucket.
+ We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain
+ as a domain whose nodes meet the requirements
+ of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
+ If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is
+ a domain of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to
+ deal with a pod if it doesn''t satisfy the spread
+ constraint. - DoNotSchedule (default) tells the
+ scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any
+ location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint
+ is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set
+ to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule,
+ incoming pod can only be scheduled to zone2(zone3)
+ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
+ satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t
+ make it *more* imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
type: object
type: object
type: object
diff --git a/helm/solr/README.md b/helm/solr/README.md
index df858f0..94881d6 100644
--- a/helm/solr/README.md
+++ b/helm/solr/README.md
@@ -176,6 +176,17 @@
| zk.provided.persistence.annotations | object | | Annotations to use for the ZooKeeper PVC(s) |
| zk.provided.ephemeral.emptydirvolumesource | object | | An emptyDir volume source for the ZooKeeper Storage on each pod. |
| zk.provided.config | object | | Zookeeper Config Options to set for the provided cluster. For all possible options, run: `kubectl explain solrcloud.spec.zookeeperRef.provided.config` |
+| zk.provided.labels | map[string]string | | Set the `ZookeeperCluster.spec.labels` option, providing labels for all Zookeeper child resources. |
+| zk.provided.initContainers | []object | | Add additional initContainers for Zookeeper Pods. |
+| zk.provided.containers | []object | | Add additional containers for Zookeeper Pods. |
+| zk.provided.volumes | []object | | Add additional volumes for Zookeeper Pods. |
+| zk.provided.volumeMounts | []object | | Add additional volumeMounts for Zookeeper Pods. |
+| zk.provided.maxUnavailableReplicas | int | `1` | Customize the `maxUnavailableReplicas` for the Zookeeper's `PodDisruptionBudget`. |
+| zk.provided.adminServerService.annotations | map[string]string | | Add annotations to the Zookeeper Admin Service. |
+| zk.provided.adminServerService.external | boolean | `false` | Make the Zookeeper Admin Service available externally. |
+| zk.provided.clientService.annotations | map[string]string | | Add annotations to the Zookeeper Client Service. |
+| zk.provided.headlessService.annotations | map[string]string | | Add annotations to the Zookeeper Headless Service. |
+| zk.provided.zookeeperPodPolicy.topologySpreadConstraints | []object | | Set PodTopologySpreadConstraints for Zookeeper pods. |
| zk.provided.zookeeperPodPolicy.labels | map[string]string | | List of additional labels to add to the Zookeeper pod |
| zk.provided.zookeeperPodPolicy.annotations | map[string]string | | List of additional annotations to add to the Zookeeper pod |
| zk.provided.zookeeperPodPolicy.serviceAccountName | string | | Optional serviceAccount to run the ZK Pod under |
diff --git a/helm/solr/templates/solrcloud.yaml b/helm/solr/templates/solrcloud.yaml
index 983210e..ebc03e3 100644
--- a/helm/solr/templates/solrcloud.yaml
+++ b/helm/solr/templates/solrcloud.yaml
@@ -208,6 +208,10 @@
{{- if .Values.zk.provided.replicas }}
replicas: {{ .Values.zk.provided.replicas }}
{{- end }}
+ {{- if .Values.zk.provided.labels }}
+ labels:
+ {{- toYaml .Values.zk.provided.labels | nindent 8 }}
+ {{- end }}
{{- if .Values.zk.provided.image }}
image:
{{- toYaml .Values.zk.provided.image | nindent 8 }}
@@ -231,6 +235,37 @@
probes:
{{- toYaml .Values.zk.provided.probes | nindent 8 }}
{{- end }}
+ {{- if .Values.zk.provided.volumes }}
+ volumes:
+ {{- toYaml .Values.zk.provided.volumes | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.volumeMounts }}
+ volumeMounts:
+ {{- toYaml .Values.zk.provided.volumeMounts | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.initContainers }}
+ initContainers:
+ {{- toYaml .Values.zk.provided.initContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.containers }}
+ containers:
+ {{- toYaml .Values.zk.provided.containers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.adminServerService }}
+ adminServerService:
+ {{- toYaml .Values.zk.provided.adminServerService | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.clientService }}
+ clientService:
+ {{- toYaml .Values.zk.provided.clientService | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.headlessService }}
+ headlessService:
+ {{- toYaml .Values.zk.provided.headlessService | nindent 8 }}
+ {{- end }}
+ {{- if .Values.zk.provided.maxUnavailableReplicas }}
+ maxUnavailableReplicas: {{ .Values.zk.provided.maxUnavailableReplicas }}
+ {{- end }}
{{- if .Values.zk.acl }}
acl:
{{- toYaml .Values.zk.acl | nindent 8 }}
diff --git a/helm/solr/values.yaml b/helm/solr/values.yaml
index 1e1ac1f..9fd103d 100644
--- a/helm/solr/values.yaml
+++ b/helm/solr/values.yaml
@@ -171,12 +171,14 @@
# If no "address" is provided, this defines the ZookeeperCluster created for this SolrCloud
provided:
replicas: 3
+ labels: {}
image: {}
# repository: "pravega/zookeeper"
# tag: ""
# pullPolicy: IfNotPresent
# imagePullSecret: ""
zookeeperPodPolicy: {}
+ # labels: {}
# affinity: {}
# tolerations: []
# nodeSelector: {}
@@ -184,8 +186,22 @@
# resources: {}
# # Set ZK service account individually instead of the global "serviceAccount.name"
# serviceAccountName: ""
+ # topologySpreadConstraints: []
# Override the default Zookeeper probes
probes: {}
+ # Add additional containers
+ containers: {}
+ initContainers: {}
+ # Configure the PodDisruptionBudget created for ZK
+ maxUnavailableReplicas: 1
+ # Add custom volumes
+ volumes: []
+ volumeMounts: []
+
+ # Customize the ZK services
+ adminServerService: {}
+ clientService: {}
+ headlessService: {}
# Storage defaults to the type of storage you use for Solr, which is ephemeral by default.
# Explicitly set the storage type, only necessary when wishing to use an empty persistence or ephemeral object.
