| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| operator.solr.apache.org/version: v0.8.2-prerelease |
| argocd.argoproj.io/sync-options: Replace=true |
| controller-gen.kubebuilder.io/version: v0.10.0 |
| creationTimestamp: null |
| name: solrbackups.solr.apache.org |
| spec: |
| group: solr.apache.org |
| names: |
| kind: SolrBackup |
| listKind: SolrBackupList |
| plural: solrbackups |
| singular: solrbackup |
| scope: Namespaced |
| versions: |
| - additionalPrinterColumns: |
| - description: Solr Cloud |
| jsonPath: .spec.solrCloud |
| name: Cloud |
| type: string |
| - description: Most recent time the backup started |
| jsonPath: .status.startTimestamp |
| name: Started |
| type: date |
| - description: Whether the most recent backup has finished |
| jsonPath: .status.finished |
| name: Finished |
| type: boolean |
| - description: Whether the most recent backup was successful |
| jsonPath: .status.successful |
| name: Successful |
| type: boolean |
| - description: Next scheduled time for a recurrent backup |
| format: date-time |
| jsonPath: .status.nextScheduledTime |
| name: NextBackup |
| type: string |
| - jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1beta1 |
| schema: |
| openAPIV3Schema: |
| description: SolrBackup is the Schema for the solrbackups API |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: SolrBackupSpec defines the desired state of SolrBackup |
| properties: |
| collections: |
| description: The list of collections to backup. |
| items: |
| type: string |
| type: array |
| location: |
| description: The location to store the backup in the specified backup |
| repository. |
| type: string |
| recurrence: |
| description: "Set this backup to be taken recurrently, with options |
| for scheduling and storage. \n NOTE: This is only supported for |
| Solr Clouds version 8.9+, as it uses the incremental backup API." |
| properties: |
| disabled: |
| default: false |
| description: Disable the recurring backups. Note this will not |
| affect any currently-running backup. |
| type: boolean |
| maxSaved: |
| default: 5 |
| description: Define the number of backup points to save for this |
| backup at any given time. The oldest backups will be deleted |
| if too many exist when a backup is taken. If not provided, this |
| defaults to 5. |
| minimum: 1 |
| type: integer |
| schedule: |
| description: "Perform a backup on the given schedule, in CRON |
| format. \n Multiple CRON syntaxes are supported - Standard CRON |
| (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules |
| (e.g. \"@yearly\", \"@weekly\", \"@daily\", etc.) - Intervals |
| (e.g. \"@every 10h30m\") \n For more information please check |
| this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format" |
| type: string |
| required: |
| - schedule |
| type: object |
| repositoryName: |
| description: The name of the repository to use for the backup. Defaults |
| to "legacy_local_repository" if not specified (the auto-configured |
| repository for legacy singleton volumes). |
| maxLength: 100 |
| minLength: 1 |
| pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' |
| type: string |
| solrCloud: |
| description: A reference to the SolrCloud to create a backup for |
| maxLength: 63 |
| minLength: 1 |
| pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' |
| type: string |
| required: |
| - solrCloud |
| type: object |
| status: |
| description: SolrBackupStatus defines the observed state of SolrBackup |
| properties: |
| collectionBackupStatuses: |
| description: The status of each collection's backup progress |
| items: |
| description: CollectionBackupStatus defines the progress of a Solr |
| Collection's backup |
| properties: |
| asyncBackupStatus: |
| description: The status of the asynchronous backup call to solr |
| type: string |
| backupName: |
| description: BackupName of this collection's backup in Solr |
| type: string |
| collection: |
| description: Solr Collection name |
| type: string |
| finishTimestamp: |
| description: Time that the collection backup finished at |
| format: date-time |
| type: string |
| finished: |
| description: Whether the backup has finished |
| type: boolean |
| inProgress: |
| description: Whether the collection is being backed up |
| type: boolean |
| startTimestamp: |
| description: Time that the collection backup started at |
| format: date-time |
| type: string |
| successful: |
| description: Whether the backup was successful |
| type: boolean |
| required: |
| - collection |
| type: object |
| type: array |
| finishTimestamp: |
| description: The time that this backup was finished |
| format: date-time |
| type: string |
| finished: |
| description: Whether the backup has finished |
| type: boolean |
| history: |
| description: The status history of recurring backups |
| items: |
| description: IndividualSolrBackupStatus defines the observed state |
| of a single issued SolrBackup |
| properties: |
| collectionBackupStatuses: |
| description: The status of each collection's backup progress |
| items: |
| description: CollectionBackupStatus defines the progress of |
| a Solr Collection's backup |
| properties: |
| asyncBackupStatus: |
| description: The status of the asynchronous backup call |
| to solr |
| type: string |
| backupName: |
| description: BackupName of this collection's backup in |
| Solr |
| type: string |
| collection: |
| description: Solr Collection name |
| type: string |
| finishTimestamp: |
| description: Time that the collection backup finished |
| at |
| format: date-time |
| type: string |
| finished: |
| description: Whether the backup has finished |
| type: boolean |
| inProgress: |
| description: Whether the collection is being backed up |
| type: boolean |
| startTimestamp: |
| description: Time that the collection backup started at |
| format: date-time |
| type: string |
| successful: |
| description: Whether the backup was successful |
| type: boolean |
| required: |
| - collection |
| type: object |
| type: array |
| finishTimestamp: |
| description: The time that this backup was finished |
| format: date-time |
| type: string |
| finished: |
| description: Whether the backup has finished |
| type: boolean |
| solrVersion: |
| description: Version of the Solr being backed up |
| type: string |
| startTimestamp: |
| description: The time that this backup was initiated |
| format: date-time |
| type: string |
| successful: |
| description: Whether the backup was successful |
| type: boolean |
| type: object |
| type: array |
| nextScheduledTime: |
| description: The scheduled time for the next backup to occur |
| format: date-time |
| type: string |
| solrVersion: |
| description: Version of the Solr being backed up |
| type: string |
| startTimestamp: |
| description: The time that this backup was initiated |
| format: date-time |
| type: string |
| successful: |
| description: Whether the backup was successful |
| type: boolean |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| operator.solr.apache.org/version: v0.8.2-prerelease |
| argocd.argoproj.io/sync-options: Replace=true |
| controller-gen.kubebuilder.io/version: v0.10.0 |
| creationTimestamp: null |
| name: solrclouds.solr.apache.org |
| spec: |
| group: solr.apache.org |
| names: |
| kind: SolrCloud |
| listKind: SolrCloudList |
| plural: solrclouds |
| shortNames: |
| - solr |
| singular: solrcloud |
| scope: Namespaced |
| versions: |
| - additionalPrinterColumns: |
| - description: Solr Version of the cloud |
| jsonPath: .status.version |
| name: Version |
| type: string |
| - description: Target Solr Version of the cloud |
| jsonPath: .status.targetVersion |
| name: TargetVersion |
| type: string |
| - description: Number of solr nodes configured to run in the cloud |
| jsonPath: .spec.replicas |
| name: DesiredNodes |
| type: integer |
| - description: Number of solr nodes running |
| jsonPath: .status.replicas |
| name: Nodes |
| type: integer |
| - description: Number of solr nodes connected to the cloud |
| jsonPath: .status.readyReplicas |
| name: ReadyNodes |
| type: integer |
| - description: Number of solr nodes running the latest SolrCloud pod spec |
| jsonPath: .status.upToDateNodes |
| name: UpToDateNodes |
| type: integer |
| - jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1beta1 |
| schema: |
| openAPIV3Schema: |
| description: SolrCloud is the Schema for the solrclouds API |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: SolrCloudSpec defines the desired state of SolrCloud |
| properties: |
| additionalLibs: |
| description: 'List of paths in the Solr Docker image to load in the |
| classpath. Note: Solr Modules will be auto-loaded if specified in |
| the "solrModules" property. There is no need to specify them here |
| as well.' |
| items: |
| type: string |
| type: array |
| availability: |
| description: Define how Solr nodes should be available. |
| properties: |
| podDisruptionBudget: |
| description: Define PodDisruptionBudget(s) to ensure availability |
| of Solr |
| properties: |
| enabled: |
| default: true |
| description: What method should be used when creating PodDisruptionBudget(s) |
| type: boolean |
| method: |
| default: ClusterWide |
| description: What method should be used when creating PodDisruptionBudget(s) |
| enum: |
| - ClusterWide |
| type: string |
| required: |
| - enabled |
| type: object |
| type: object |
| backupRepositories: |
| description: Allows specification of multiple different "repositories" |
| for Solr to use when backing up data. |
| items: |
| maxProperties: 2 |
| minProperties: 2 |
| properties: |
| gcs: |
| description: A GCSRepository for Solr to use when backing up |
| and restoring collections. |
| properties: |
| baseLocation: |
| description: An already-created chroot within the bucket |
| to store data in. Defaults to the root path "/" if not |
| specified. |
| type: string |
| bucket: |
| description: The name of the GCS bucket that all backup |
| data will be stored in |
| type: string |
| gcsCredentialSecret: |
| description: The name & key of a Kubernetes secret holding |
| a Google cloud service account key. Must be set unless |
| deployed in GKE and making use of Google's "Workplace |
| Identity" feature. |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must |
| be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - bucket |
| type: object |
| name: |
| description: 'A name used to identify this local storage profile. Values |
| should follow RFC-1123. (See here for more details: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names)' |
| maxLength: 100 |
| minLength: 1 |
| pattern: '[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?' |
| type: string |
| s3: |
| description: An S3Repository for Solr to use when backing up |
| and restoring collections. |
| properties: |
| baseLocation: |
| description: An already-created chroot within the bucket |
| to store data in. Defaults to the root path "/" if not |
| specified. |
| type: string |
| bucket: |
| description: The name of the S3 bucket that all backup data |
| will be stored in |
| type: string |
| credentials: |
| description: "Options for specifying S3Credentials. This |
| is optional in case you want to mount this information |
| yourself. However, if you do not include these credentials, |
| and you do not load them yourself via a mount or EnvVars, |
| you will likely see errors when taking s3 backups. \n |
| If running in EKS, you can create an IAMServiceAccount |
| that uses a role permissioned for this S3 bucket. Then |
| use that serviceAccountName for your SolrCloud, and the |
| credentials should be auto-populated." |
| properties: |
| accessKeyIdSecret: |
| description: The name & key of a Kubernetes secret holding |
| an AWS Access Key ID |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key |
| must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| credentialsFileSecret: |
| description: The name & key of a Kubernetes secret holding |
| an AWS credentials file |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key |
| must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| secretAccessKeySecret: |
| description: The name & key of a Kubernetes secret holding |
| an AWS Secret Access Key |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key |
| must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| sessionTokenSecret: |
| description: The name & key of a Kubernetes secret holding |
| an AWS Session Token |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key |
| must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| endpoint: |
| description: The full endpoint URL to use when connecting |
| with S3 (or a supported S3 compatible interface) |
| type: string |
| proxyUrl: |
| description: The full proxy URL to use when connecting with |
| S3 |
| type: string |
| region: |
| description: The S3 region to store the backup data in |
| type: string |
| required: |
| - bucket |
| - region |
| type: object |
| volume: |
| description: Allows specification of a "repository" for Solr |
| to use when backing up data "locally". |
| properties: |
| directory: |
| description: Select a custom directory name to mount the |
| backup/restore data in the given volume. If not specified, |
| then the name of the solrcloud will be used by default. |
| type: string |
| source: |
| description: 'This is a volumeSource for a volume that will |
| be mounted to all solrNodes to store backups and load |
| restores. The data within the volume will be namespaced |
| for this instance, so feel free to use the same volume |
| for multiple clouds. Since the volume will be mounted |
| to all solrNodes, it must be able to be written from multiple |
| pods. If a PVC reference is given, the PVC must have `accessModes: |
| - ReadWriteMany`. Other options are to use a NFS volume.' |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an AWS |
| Disk resource that is attached to a kubelet''s host |
| machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the |
| volume that you want to mount. If omitted, the |
| default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for /dev/sda |
| is "0" (or you can leave the property empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force the |
| readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data Disk |
| mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching mode: |
| None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data disk |
| in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk in |
| the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: multiple |
| blob disks per storage account Dedicated: single |
| blob disk per storage account Managed: azure |
| managed data disk (only in managed availability |
| set). defaults to shared' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File Service |
| mount on the host and bind mount to the pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret that |
| contains Azure Storage Account Name and Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on the |
| host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors is |
| a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the mounted |
| root, rather than the full Ceph tree, default |
| is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default is /etc/ceph/user.secret |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef is |
| reference to the authentication secret for User, |
| default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the rados |
| user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume attached |
| and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Examples: "ext4", "xfs", "ntfs". |
| Implicitly inferred to be "ext4" if unspecified. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points to a |
| secret object containing parameters used to connect |
| to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the volume |
| in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that should |
| populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file whose |
| name is the key and content is the value. If specified, |
| the listed keys will be projected into the specified |
| paths, and unlisted keys will not be present. |
| If a key is specified which is not present in |
| the ConfigMap, the volume setup will error unless |
| it is marked optional. Paths must be relative |
| and may not contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. Must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. If |
| not specified, the volume defaultMode will |
| be used. This might be in conflict with |
| other options that affect the file mode, |
| like fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path of |
| the file to map the key to. May not be an |
| absolute path. May not contain the path |
| element '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: optional specify whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your admin |
| for the correct name as registered in the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is passed |
| to the associated CSI driver which will determine |
| the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive information |
| to pass to the CSI driver to complete the CSI |
| NodePublishVolume and NodeUnpublishVolume calls. |
| This field is optional, and may be empty if no |
| secret is required. If the secret object contains |
| more than one secret, all secret references are |
| passed. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only configuration |
| for the volume. Defaults to false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API about |
| the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits to use on created |
| files by default. Must be a Optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API volume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing the |
| pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field of |
| the pod: only annotations, labels, name |
| and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used to |
| set permissions on this file, must be an |
| octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both |
| octal and decimal values, JSON requires |
| decimal values for mode bits. If not specified, |
| the volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. Must |
| not be absolute or contain the ''..'' path. |
| Must be utf-8 encoded. The first item of |
| the relative path must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, requests.cpu and requests.memory) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of storage |
| medium should back this directory. The default |
| is "" which means to use the node''s default medium. |
| Must be an empty string (default) or Memory. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount of local |
| storage required for this EmptyDir volume. The |
| size limit is also applicable for memory medium. |
| The maximum usage on memory medium EmptyDir would |
| be the minimum value between the SizeLimit specified |
| here and the sum of memory limits of all containers |
| in a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that is |
| handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - it |
| will be created before the pod starts, and deleted |
| when the pod is removed. \n Use this if: a) the volume |
| is only needed while the pod runs, b) features of |
| normal volumes like restoring from snapshot or capacity |
| tracking are needed, c) the storage driver is specified |
| through a storage class, and d) the storage driver |
| supports dynamic volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information on |
| the connection between this volume type and PersistentVolumeClaim). |
| \n Use PersistentVolumeClaim or one of the vendor-specific |
| APIs for volumes that persist for longer than the |
| lifecycle of an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of the |
| driver for more information. \n A pod can use both |
| types of ephemeral volumes and persistent volumes |
| at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will be |
| the owner of the PVC, i.e. the PVC will be deleted |
| together with the pod. The name of the PVC will |
| be `<pod name>-<volume name>` where `<volume name>` |
| is the name from the `PodSpec.Volumes` array entry. |
| Pod validation will reject the pod if the concatenated |
| name is not valid for a PVC (for example, too |
| long). \n An existing PVC with that name that |
| is not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume by |
| mistake. Starting the pod is then blocked until |
| the unrelated PVC is removed. If such a pre-created |
| PVC is meant to be used by the pod, the PVC has |
| to updated with an owner reference to the pod |
| once the pod exists. Normally this should not |
| be necessary, but it may be useful when manually |
| reconstructing a broken cluster. \n This field |
| is read-only and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when creating |
| it. No other fields are allowed and will be |
| rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged into |
| the PVC that gets created from this template. |
| The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the desired |
| access modes the volume should have. More |
| info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be used |
| to specify either: * An existing VolumeSnapshot |
| object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external controller |
| can support the specified data source, |
| it will create a new volume based on the |
| contents of the specified data source. |
| When the AnyVolumeDataSource feature gate |
| is enabled, dataSource contents will be |
| copied to dataSourceRef, and dataSourceRef |
| contents will be copied to dataSource |
| when dataSourceRef.namespace is not specified. |
| If the namespace is specified, then dataSourceRef |
| will not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for |
| the resource being referenced. If |
| APIGroup is not specified, the specified |
| Kind must be in the core API group. |
| For any other third-party types, APIGroup |
| is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies the |
| object from which to populate the volume |
| with data, if a non-empty volume is desired. |
| This may be any object from a non-empty |
| API group (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if the |
| type of the specified object matches some |
| installed volume populator or dynamic |
| provisioner. This field will replace the |
| functionality of the dataSource field |
| and as such if both fields are non-empty, |
| they must have the same value. For backwards |
| compatibility, when namespace isn''t specified |
| in dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to the |
| same value automatically if one of them |
| is empty and the other is non-empty. When |
| namespace is specified in dataSourceRef, |
| dataSource isn''t set to the same value |
| and must be empty. There are three important |
| differences between dataSource and dataSourceRef: |
| * While dataSource only allows two specific |
| types of objects, dataSourceRef allows |
| any non-core object, as well as PersistentVolumeClaim |
| objects. * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates an |
| error if a disallowed value is specified. |
| * While dataSource only allows local objects, |
| dataSourceRef allows objects in any namespaces. |
| (Beta) Using this field requires the AnyVolumeDataSource |
| feature gate to be enabled. (Alpha) Using |
| the namespace field of dataSourceRef requires |
| the CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for |
| the resource being referenced. If |
| APIGroup is not specified, the specified |
| Kind must be in the core API group. |
| For any other third-party types, APIGroup |
| is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. See |
| the ReferenceGrant documentation for |
| details. (Alpha) This field requires |
| the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the minimum |
| resources the volume should have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed to |
| specify resource requirements that are |
| lower than previous value but must still |
| be higher than capacity recorded in the |
| status field of the claim. More info: |
| https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. \n |
| This is an alpha field and requires |
| enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the |
| name of one entry in pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum |
| amount of compute resources allowed. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the |
| minimum amount of compute resources |
| required. If Requests is omitted for |
| a container, it defaults to Limits |
| if that is explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. More |
| info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query over |
| volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the name |
| of the StorageClass required by the claim. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what type |
| of volume is required by the claim. Value |
| of Filesystem is implied when not included |
| in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding reference |
| to the PersistentVolume backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and then |
| exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. TODO: how |
| do we prevent errors in the filesystem from compromising |
| the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world wide |
| identifiers (wwids) Either wwids or combination |
| of targetWWNs and lun must be set, but not both |
| simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an exec |
| based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver to |
| use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". The |
| default filesystem depends on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field holds |
| extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef is |
| reference to the secret object containing sensitive |
| information to pass to the plugin scripts. This |
| may be empty if no secret object is specified. |
| If the secret object contains more than one secret, |
| all secrets are passed to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume attached |
| to a kubelet's host machine. This depends on the Flocker |
| control service being running |
| properties: |
| datasetName: |
| description: datasetName is Name of the dataset |
| stored as metadata -> name on the dataset for |
| Flocker should be considered as deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the dataset. |
| This is unique identifier of a Flocker dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE Disk |
| resource that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. |
| Examples: "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the |
| volume that you want to mount. If omitted, the |
| default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for /dev/sda |
| is "0" (or you can leave the property empty). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD resource |
| in GCE. Used to identify the disk in GCE. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository at |
| a particular revision. DEPRECATED: GitRepo is deprecated. |
| To provision a container with a git repo, mount an |
| EmptyDir into an InitContainer that clones the repo |
| using git, then mount the EmptyDir into the Pod''s |
| container.' |
| properties: |
| directory: |
| description: directory is the target directory name. |
| Must not contain or start with '..'. If '.' is |
| supplied, the volume directory will be the git |
| repository. Otherwise, if specified, the volume |
| will contain the git repository in the subdirectory |
| with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for the |
| specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name that |
| details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing file |
| or directory on the host machine that is directly |
| exposed to the container. This is generally used for |
| system agents or other privileged things that are |
| allowed to see the host machine. Most containers will |
| NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can use |
| host directory mounts and who can/can not mount host |
| directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the link |
| to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults |
| to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine and |
| then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether support |
| iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether support |
| iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI Initiator |
| Name. If initiatorName is specified with iscsiInterface |
| simultaneously, new iSCSI interface <target portal>:<volume |
| name> will be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface Name |
| that uses an iSCSI transport. Defaults to 'default' |
| (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically TCP |
| ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for iSCSI |
| target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port if |
| the port is other than default (typically TCP |
| ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| nfs: |
| description: 'nfs represents an NFS mount on the host |
| that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS server. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS export |
| to be mounted with read-only permissions. Defaults |
| to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource represents |
| a reference to a PersistentVolumeClaim in the same |
| namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this volume. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly setting |
| in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelets host |
| machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies Photon |
| Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx volume |
| attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fSType represents the filesystem type |
| to mount Must be a filesystem type supported by |
| the host operating system. Ex. "ext4", "xfs". |
| Implicitly inferred to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a Portworx |
| volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Directories within the path |
| are not affected by this setting. This might be |
| in conflict with other options that affect the |
| file mode, like fsGroup, and the result can be |
| other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about the |
| configMap data to project |
| properties: |
| items: |
| description: items if unspecified, each |
| key-value pair in the Data field of |
| the referenced ConfigMap will be projected |
| into the volume as a file whose name |
| is the key and content is the value. |
| If specified, the listed keys will be |
| projected into the specified paths, |
| and unlisted keys will not be present. |
| If a key is specified which is not present |
| in the ConfigMap, the volume setup will |
| error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a |
| path within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 or |
| a decimal value between 0 and |
| 511. YAML accepts both octal and |
| decimal values, JSON requires |
| decimal values for mode bits. |
| If not specified, the volume defaultMode |
| will be used. This might be in |
| conflict with other options that |
| affect the file mode, like fsGroup, |
| and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the key |
| to. May not be an absolute path. |
| May not contain the path element |
| '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace are |
| supported.' |
| properties: |
| apiVersion: |
| description: Version of the |
| schema the FieldPath is written |
| in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field |
| to select in the specified |
| API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits |
| used to set permissions on this |
| file, must be an octal value between |
| 0000 and 0777 or a decimal value |
| between 0 and 511. YAML accepts |
| both octal and decimal values, |
| JSON requires decimal values for |
| mode bits. If not specified, the |
| volume defaultMode will be used. |
| This might be in conflict with |
| other options that affect the |
| file mode, like fsGroup, and the |
| result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the |
| relative path name of the file |
| to be created. Must not be absolute |
| or contain the ''..'' path. Must |
| be utf-8 encoded. The first item |
| of the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu and |
| requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container name: |
| required for volumes, optional |
| for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource |
| to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about the |
| secret data to project |
| properties: |
| items: |
| description: items if unspecified, each |
| key-value pair in the Data field of |
| the referenced Secret will be projected |
| into the volume as a file whose name |
| is the key and content is the value. |
| If specified, the listed keys will be |
| projected into the specified paths, |
| and unlisted keys will not be present. |
| If a key is specified which is not present |
| in the Secret, the volume setup will |
| error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a |
| path within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 or |
| a decimal value between 0 and |
| 511. YAML accepts both octal and |
| decimal values, JSON requires |
| decimal values for mode bits. |
| If not specified, the volume defaultMode |
| will be used. This might be in |
| conflict with other options that |
| affect the file mode, like fsGroup, |
| and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the key |
| to. May not be an absolute path. |
| May not contain the path element |
| '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify whether |
| the Secret or its key must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient of |
| a token must identify itself with an |
| identifier specified in the audience |
| of the token, and otherwise should reject |
| the token. The audience defaults to |
| the identifier of the apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is the |
| requested duration of validity of the |
| service account token. As the token |
| approaches expiration, the kubelet volume |
| plugin will proactively rotate the service |
| account token. The kubelet will start |
| trying to rotate the token if the token |
| is older than 80 percent of its time |
| to live or if the token is older than |
| 24 hours.Defaults to 1 hour and must |
| be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to project |
| the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount on the |
| host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to Default |
| is no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or multiple |
| Quobyte Registry services specified as a string |
| as host:port pair (multiple entries are separated |
| with commas) which acts as the central registry |
| for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte volume |
| in the Backend Used with dynamically provisioned |
| Quobyte volumes, value is set by the plugin |
| type: string |
| user: |
| description: user to map volume access to Defaults |
| to serivceaccount user |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device mount |
| on the host that shares a pod''s lifetime. More info: |
| https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. More |
| info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring for |
| RBDUser. Default is /etc/ceph/keyring. More info: |
| https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph monitors. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More |
| info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides keyring. |
| Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Default |
| is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of the |
| ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of the |
| ScaleIO Protection Domain for the configured storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable SSL |
| communication with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the storage |
| for a volume should be ThickProvisioned or ThinProvisioned. |
| Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage system |
| as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that is |
| associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file whose |
| name is the key and content is the value. If specified, |
| the listed keys will be projected into the specified |
| paths, and unlisted keys will not be present. |
| If a key is specified which is not present in |
| the Secret, the volume setup will error unless |
| it is marked optional. Paths must be relative |
| and may not contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. Must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. If |
| not specified, the volume defaultMode will |
| be used. This might be in conflict with |
| other options that affect the file mode, |
| like fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path of |
| the file to map the key to. May not be an |
| absolute path. May not contain the path |
| element '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether the |
| Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the secret |
| in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret to use |
| for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable name |
| of the StorageOS volume. Volume names are only |
| unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will be |
| used. This allows the Kubernetes name scoping |
| to be mirrored within StorageOS for tighter integration. |
| Set VolumeName to any name to override the default |
| behaviour. Set to "default" if you are not using |
| namespaces within StorageOS. Namespaces that do |
| not pre-exist within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere volume |
| attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage Policy |
| Based Management (SPBM) profile ID associated |
| with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage Policy |
| Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| type: object |
| required: |
| - source |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| busyBoxImage: |
| description: ContainerImage defines the fields needed for a Docker |
| repository image. The format here matches the predominant format |
| used in Helm charts. |
| properties: |
| imagePullSecret: |
| type: string |
| pullPolicy: |
| description: PullPolicy describes a policy for if/when to pull |
| a container image |
| type: string |
| repository: |
| type: string |
| tag: |
| type: string |
| type: object |
| customSolrKubeOptions: |
| description: Provide custom options for kubernetes objects created |
| for the Solr Cloud. |
| properties: |
| commonServiceOptions: |
| description: CommonServiceOptions defines the custom options for |
| the common solrCloud Service. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Service. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Service. |
| type: object |
| type: object |
| configMapOptions: |
| description: ServiceOptions defines the custom options for the |
| solrCloud ConfigMap. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the ConfigMap. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the ConfigMap. |
| type: object |
| providedConfigMap: |
| description: Name of a user provided ConfigMap in the same |
| namespace containing a custom solr.xml |
| type: string |
| type: object |
| headlessServiceOptions: |
| description: HeadlessServiceOptions defines the custom options |
| for the headless solrCloud Service. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Service. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Service. |
| type: object |
| type: object |
| ingressOptions: |
| description: IngressOptions defines the custom options for the |
| solrCloud Ingress. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Ingress. |
| type: object |
| ingressClassName: |
| description: IngressClassName is the name of the IngressClass |
| cluster resource. The associated IngressClass defines which |
| controller will implement the resource. |
| maxLength: 63 |
| minLength: 1 |
| pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' |
| type: string |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Ingress. |
| type: object |
| type: object |
| nodeServiceOptions: |
| description: NodeServiceOptions defines the custom options for |
| the individual solrCloud Node services, if they are created. |
| These services will only be created when exposing SolrNodes |
| externally via an Ingress in the AddressabilityOptions. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Service. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Service. |
| type: object |
| type: object |
| podOptions: |
| description: SolrPodOptions defines the custom options for solrCloud |
| pods. |
| properties: |
| affinity: |
| description: The scheduling constraints on pods. |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules |
| for the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling affinity expressions, |
| etc.), compute a sum by iterating through the elements |
| of this field and adding "weight" to the sum if |
| the node matches the corresponding matchExpressions; |
| the node(s) with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term |
| matches all objects with implicit weight 0 (i.e. |
| it's a no-op). A null preferred scheduling term |
| matches no objects (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated |
| with the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching |
| the corresponding nodeSelectorTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| affinity requirements specified by this field cease |
| to be met at some point during pod execution (e.g. |
| due to an update), the system may or may not try |
| to eventually evict the pod from its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector |
| terms. The terms are ORed. |
| items: |
| description: A null or empty node selector term |
| matches no objects. The requirements of them |
| are ANDed. The TopologySelectorTerm type implements |
| a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules (e.g. |
| co-locate this pod in the same node, zone, etc. as some |
| other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling affinity expressions, |
| etc.), compute a sum by iterating through the elements |
| of this field and adding "weight" to the sum if |
| the node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest sum |
| are the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| affinity requirements specified by this field cease |
| to be met at some point during pod execution (e.g. |
| due to a pod label update), the system may or may |
| not try to eventually evict the pod from its node. |
| When there are multiple elements, the lists of nodes |
| corresponding to each podAffinityTerm are intersected, |
| i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the given |
| namespace(s)) that this pod should be co-located |
| (affinity) or not co-located (anti-affinity) with, |
| where co-located is defined as running on a node |
| whose value of the label with key <topologyKey> |
| matches that of any node on which a pod of the |
| set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling rules |
| (e.g. avoid putting this pod in the same node, zone, |
| etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the anti-affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling anti-affinity |
| expressions, etc.), compute a sum by iterating through |
| the elements of this field and adding "weight" to |
| the sum if the node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest sum |
| are the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| anti-affinity requirements specified by this field |
| cease to be met at some point during pod execution |
| (e.g. due to a pod label update), the system may |
| or may not try to eventually evict the pod from |
| its node. When there are multiple elements, the |
| lists of nodes corresponding to each podAffinityTerm |
| are intersected, i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the given |
| namespace(s)) that this pod should be co-located |
| (affinity) or not co-located (anti-affinity) with, |
| where co-located is defined as running on a node |
| whose value of the label with key <topologyKey> |
| matches that of any node on which a pod of the |
| set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for pods. |
| type: object |
| defaultInitContainerResources: |
| description: DefaultInitContainerResources are the resource |
| requirements for the default init container(s) created by |
| the Solr Operator, if any are created. |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| envVars: |
| description: Additional environment variables to pass to the |
| default container. |
| items: |
| description: EnvVar represents an environment variable present |
| in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are expanded |
| using the previously defined environment variables |
| in the container and any service environment variables. |
| If a variable cannot be resolved, the reference in |
| the input string will be unchanged. Double $$ are |
| reduced to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's value. |
| Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the pod's |
| namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its |
| key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| imagePullSecrets: |
| description: ImagePullSecrets to apply to the pod. These are |
| for init/sidecarContainers in addition to the imagePullSecret |
| defined for the solr image. |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the same |
| namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| initContainers: |
| description: Additional init containers to run in the pod. |
| These will run along with the init container that sets up |
| the "solr.xml". |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for pods. |
| type: object |
| lifecycle: |
| description: Lifecycle for the main container |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after a |
| container is created. If the handler fails, the container |
| is terminated and restarted according to its restart |
| policy. Other management of the container blocks until |
| the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of this field |
| and lifecycle hooks will fail in runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before a container |
| is terminated due to an API request or management event |
| such as liveness/startup probe failure, preemption, |
| resource contention, etc. The handler is not called |
| if the container crashes or exits. The Pod''s termination |
| grace period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the handler, |
| the container will eventually terminate within the Pod''s |
| termination grace period (unless delayed by finalizers). |
| Other management of the container blocks until the hook |
| completes or until the termination grace period is reached. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of this field |
| and lifecycle hooks will fail in runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: Liveness probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: Node Selector to be added for the StatefulSet. |
| type: object |
| podSecurityContext: |
| description: PodSecurityContext is the security context for |
| the pod. |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies |
| to all containers in a pod. Some volume types allow |
| the Kubelet to change the ownership of that volume to |
| be owned by the pod: \n 1. The owning GID will be the |
| FSGroup 2. The setgid bit is set (new files created |
| in the volume will be owned by FSGroup) 3. The permission |
| bits are OR'd with rw-rw---- \n If unset, the Kubelet |
| will not modify the ownership and permissions of any |
| volume. Note that this field cannot be set when spec.os.name |
| is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior of |
| changing ownership and permission of the volume before |
| being exposed inside Pod. This field will only apply |
| to volume types which support fsGroup based ownership(and |
| permissions). It will have no effect on ephemeral volume |
| types such as: secret, configmaps and emptydir. Valid |
| values are "OnRootMismatch" and "Always". If not specified, |
| "Always" is used. Note that this field cannot be set |
| when spec.os.name is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be |
| set in SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as |
| a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not run |
| as UID 0 (root) and fail to start the container if it |
| does. If unset or false, no such validation will be |
| performed. May also be set in SecurityContext. If set |
| in both SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata |
| if unspecified. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to all |
| containers. If unspecified, the container runtime will |
| allocate a random SELinux context for each container. May |
| also be set in SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set when |
| spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. The |
| profile must be preconfigured on the node to work. |
| Must be a descending path, relative to the kubelet's |
| configured seccomp profile location. Must be set |
| if type is "Localhost". Must NOT be set for any |
| other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: \n Localhost |
| - a profile defined in a file on the node should |
| be used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined - no |
| profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first process |
| run in each container, in addition to the container's |
| primary GID, the fsGroup (if specified), and group memberships |
| defined in the container image for the uid of the container |
| process. If unspecified, no additional groups are added |
| to any container. Note that group memberships defined |
| in the container image for the uid of the container |
| process are still effective, even if they are not included |
| in this list. Note that this field cannot be set when |
| spec.os.name is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls |
| used for the pod. Pods with unsupported sysctls (by |
| the container runtime) might fail to launch. Note that |
| this field cannot be set when spec.os.name is windows. |
| items: |
| description: Sysctl defines a kernel parameter to be |
| set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied to |
| all containers. If unspecified, the options within a |
| container's SecurityContext will be used. If set in |
| both SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence. Note |
| that this field cannot be set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec |
| named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name of |
| the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. All |
| of a Pod's containers must have the same effective |
| HostProcess value (it is not allowed to have a mix |
| of HostProcess containers and non-HostProcess containers). |
| In addition, if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the entrypoint |
| of the container process. Defaults to the user specified |
| in image metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| priorityClassName: |
| description: PriorityClassName for the pod |
| type: string |
| readinessProbe: |
| description: Readiness probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resources: |
| description: Resources is the resource requirements for the |
| default container. |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| serviceAccountName: |
| description: Optional Service Account to run the pod under. |
| type: string |
| sidecarContainers: |
| description: Sidecar containers to run in the pod. These are |
| in addition to the Solr Container |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| startupProbe: |
| description: Startup probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs to |
| terminate gracefully. |
| format: int64 |
| minimum: 10 |
| type: integer |
| tolerations: |
| description: Tolerations to be added for the StatefulSet. |
| items: |
| description: The pod this Toleration is attached to tolerates |
| any taint that matches the triple <key,value,effect> using |
| the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to match. |
| Empty means match all taint effects. When specified, |
| allowed values are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration |
| applies to. Empty means match all taint keys. If the |
| key is empty, operator must be Exists; this combination |
| means to match all values and all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship |
| to the value. Valid operators are Exists and Equal. |
| Defaults to Equal. Exists is equivalent to wildcard |
| for value, so that a pod can tolerate all taints of |
| a particular category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period |
| of time the toleration (which must be of effect NoExecute, |
| otherwise this field is ignored) tolerates the taint. |
| By default, it is not set, which means tolerate the |
| taint forever (do not evict). Zero and negative values |
| will be treated as 0 (evict immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration |
| matches to. If the operator is Exists, the value should |
| be empty, otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: "Optional PodSpreadTopologyConstraints to use |
| when scheduling pods. More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| \n Note: There is no need to provide a \"labelSelector\", |
| as the operator will inject the labels for you if not provided." |
| items: |
| description: TopologySpreadConstraint specifies how to spread |
| matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching |
| pods. Pods that match this label selector are counted |
| to determine the number of pods in their corresponding |
| topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are ANDed. |
| items: |
| description: A label selector requirement is a |
| selector that contains values, a key, and an |
| operator that relates the key and values. |
| properties: |
| key: |
| description: key is the label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's relationship |
| to a set of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. If the |
| operator is Exists or DoesNotExist, the |
| values array must be empty. This array is |
| replaced during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is "In", |
| and the values array contains only "value". The |
| requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label keys |
| to select the pods over which spreading will be calculated. |
| The keys are used to lookup values from the incoming |
| pod labels, those key-value labels are ANDed with |
| labelSelector to select the group of existing pods |
| over which spreading will be calculated for the incoming |
| pod. The same key is forbidden to exist in both MatchLabelKeys |
| and LabelSelector. MatchLabelKeys cannot be set when |
| LabelSelector isn't set. Keys that don't exist in |
| the incoming pod labels will be ignored. A null or |
| empty list means only match against labelSelector. |
| \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread |
| feature gate to be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which |
| pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between the |
| number of matching pods in the target topology and |
| the global minimum. The global minimum is the minimum |
| number of matching pods in an eligible domain or zero |
| if the number of eligible domains is less than MinDomains. |
| For example, in a 3-zone cluster, MaxSkew is set to |
| 1, and pods with the same labelSelector spread as |
| 2/2/1: In this case, the global minimum is 1. | zone1 |
| | zone2 | zone3 | | P P | P P | P | - if MaxSkew |
| is 1, incoming pod can only be scheduled to zone3 |
| to become 2/2/2; scheduling it onto zone1(zone2) would |
| make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). |
| - if MaxSkew is 2, incoming pod can be scheduled onto |
| any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies |
| that satisfy it. It''s a required field. Default value |
| is 1 and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number |
| of eligible domains. When the number of eligible domains |
| with matching topology keys is less than minDomains, |
| Pod Topology Spread treats \"global minimum\" as 0, |
| and then the calculation of Skew is performed. And |
| when the number of eligible domains with matching |
| topology keys equals or greater than minDomains, this |
| value has no effect on scheduling. As a result, when |
| the number of eligible domains is less than minDomains, |
| scheduler won't schedule more than maxSkew Pods to |
| those domains. If value is nil, the constraint behaves |
| as if MinDomains is equal to 1. Valid values are integers |
| greater than 0. When value is not nil, WhenUnsatisfiable |
| must be DoNotSchedule. \n For example, in a 3-zone |
| cluster, MaxSkew is set to 2, MinDomains is set to |
| 5 and pods with the same labelSelector spread as 2/2/2: |
| | zone1 | zone2 | zone3 | | P P | P P | P P | |
| The number of domains is less than 5(MinDomains), |
| so \"global minimum\" is treated as 0. In this situation, |
| new pod with the same labelSelector cannot be scheduled, |
| because computed skew will be 3(3 - 0) if new Pod |
| is scheduled to any of the three zones, it will violate |
| MaxSkew. \n This is a beta field and requires the |
| MinDomainsInPodTopologySpread feature gate to be enabled |
| (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we will |
| treat Pod's nodeAffinity/nodeSelector when calculating |
| pod topology spread skew. Options are: - Honor: only |
| nodes matching nodeAffinity/nodeSelector are included |
| in the calculations. - Ignore: nodeAffinity/nodeSelector |
| are ignored. All nodes are included in the calculations. |
| \n If this value is nil, the behavior is equivalent |
| to the Honor policy. This is a beta-level feature |
| default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we will |
| treat node taints when calculating pod topology spread |
| skew. Options are: - Honor: nodes without taints, |
| along with tainted nodes for which the incoming pod |
| has a toleration, are included. - Ignore: node taints |
| are ignored. All nodes are included. \n If this value |
| is nil, the behavior is equivalent to the Ignore policy. |
| This is a beta-level feature default enabled by the |
| NodeInclusionPolicyInPodTopologySpread feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. |
| Nodes that have a label with this key and identical |
| values are considered to be in the same topology. |
| We consider each <key, value> as a "bucket", and try |
| to put balanced number of pods into each bucket. We |
| define a domain as a particular instance of a topology. |
| Also, we define an eligible domain as a domain whose |
| nodes meet the requirements of nodeAffinityPolicy |
| and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", |
| each Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is a domain |
| of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to deal |
| with a pod if it doesn''t satisfy the spread constraint. |
| - DoNotSchedule (default) tells the scheduler not |
| to schedule it. - ScheduleAnyway tells the scheduler |
| to schedule the pod in any location, but giving higher |
| precedence to topologies that would help reduce the |
| skew. A constraint is considered "Unsatisfiable" for |
| an incoming pod if and only if every possible node |
| assignment for that pod would violate "MaxSkew" on |
| some topology. For example, in a 3-zone cluster, MaxSkew |
| is set to 1, and pods with the same labelSelector |
| spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P |
| | P | P | If WhenUnsatisfiable is set to DoNotSchedule, |
| incoming pod can only be scheduled to zone2(zone3) |
| to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) |
| satisfies MaxSkew(1). In other words, the cluster |
| can still be imbalanced, but scheduler won''t make |
| it *more* imbalanced. It''s a required field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - topologyKey |
| - whenUnsatisfiable |
| x-kubernetes-list-type: map |
| volumes: |
| description: Additional non-data volumes to load into the |
| default container. |
| items: |
| description: AdditionalVolume provides information on additional |
| volumes that should be loaded into pods |
| properties: |
| defaultContainerMount: |
| description: DefaultContainerMount defines how to mount |
| this volume into the default container. If this volume |
| is to be used only with sidecar or non-default init |
| containers, then this option is not necessary. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the |
| container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment variable |
| references $(VAR_NAME) are expanded using the |
| container's environment. Defaults to "" (volume's |
| root). SubPathExpr and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| name: |
| description: Name of the volume |
| type: string |
| source: |
| description: Source is the source of the Volume to be |
| loaded into the solrCloud Pod |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an |
| AWS Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force |
| the readOnly setting in VolumeMounts. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data |
| Disk mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching |
| mode: None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data |
| disk in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk |
| in the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: |
| multiple blob disks per storage account Dedicated: |
| single blob disk per storage account Managed: |
| azure managed data disk (only in managed availability |
| set). defaults to shared' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File |
| Service mount on the host and bind mount to the |
| pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret |
| that contains Azure Storage Account Name and |
| Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on |
| the host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors |
| is a collection of Ceph monitors More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the |
| mounted root, rather than the full Ceph tree, |
| default is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts. |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default |
| is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef |
| is reference to the authentication secret |
| for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the |
| rados user name, default is admin More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume |
| attached and mounted on kubelets host machine. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points |
| to a secret object containing parameters used |
| to connect to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the |
| volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that |
| should populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the ConfigMap, the |
| volume setup will error unless it is marked |
| optional. Paths must be relative and may not |
| contain the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your |
| admin for the correct name as registered in |
| the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is |
| passed to the associated CSI driver which |
| will determine the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive |
| information to pass to the CSI driver to complete |
| the CSI NodePublishVolume and NodeUnpublishVolume |
| calls. This field is optional, and may be |
| empty if no secret is required. If the secret |
| object contains more than one secret, all |
| secret references are passed. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only |
| configuration for the volume. Defaults to |
| false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API |
| about the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits to use on |
| created files by default. Must be a Optional: |
| mode bits used to set permissions on created |
| files by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API |
| volume file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field |
| of the pod: only annotations, labels, |
| name and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used |
| to set permissions on this file, must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. |
| YAML accepts both octal and decimal |
| values, JSON requires decimal values |
| for mode bits. If not specified, the |
| volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. |
| Must not be absolute or contain the |
| ''..'' path. Must be utf-8 encoded. |
| The first item of the relative path |
| must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| requests.cpu and requests.memory) are |
| currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of |
| storage medium should back this directory. |
| The default is "" which means to use the node''s |
| default medium. Must be an empty string (default) |
| or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount |
| of local storage required for this EmptyDir |
| volume. The size limit is also applicable |
| for memory medium. The maximum usage on memory |
| medium EmptyDir would be the minimum value |
| between the SizeLimit specified here and the |
| sum of memory limits of all containers in |
| a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that |
| is handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - |
| it will be created before the pod starts, and |
| deleted when the pod is removed. \n Use this if: |
| a) the volume is only needed while the pod runs, |
| b) features of normal volumes like restoring from |
| snapshot or capacity tracking are needed, c) the |
| storage driver is specified through a storage |
| class, and d) the storage driver supports dynamic |
| volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information |
| on the connection between this volume type and |
| PersistentVolumeClaim). \n Use PersistentVolumeClaim |
| or one of the vendor-specific APIs for volumes |
| that persist for longer than the lifecycle of |
| an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of |
| the driver for more information. \n A pod can |
| use both types of ephemeral volumes and persistent |
| volumes at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will |
| be the owner of the PVC, i.e. the PVC will |
| be deleted together with the pod. The name |
| of the PVC will be `<pod name>-<volume name>` |
| where `<volume name>` is the name from the |
| `PodSpec.Volumes` array entry. Pod validation |
| will reject the pod if the concatenated name |
| is not valid for a PVC (for example, too long). |
| \n An existing PVC with that name that is |
| not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume |
| by mistake. Starting the pod is then blocked |
| until the unrelated PVC is removed. If such |
| a pre-created PVC is meant to be used by the |
| pod, the PVC has to updated with an owner |
| reference to the pod once the pod exists. |
| Normally this should not be necessary, but |
| it may be useful when manually reconstructing |
| a broken cluster. \n This field is read-only |
| and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when |
| creating it. No other fields are allowed |
| and will be rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged |
| into the PVC that gets created from this |
| template. The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the |
| desired access modes the volume should |
| have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be |
| used to specify either: * An existing |
| VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external |
| controller can support the specified |
| data source, it will create a new |
| volume based on the contents of the |
| specified data source. When the AnyVolumeDataSource |
| feature gate is enabled, dataSource |
| contents will be copied to dataSourceRef, |
| and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace |
| is specified, then dataSourceRef will |
| not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies |
| the object from which to populate |
| the volume with data, if a non-empty |
| volume is desired. This may be any |
| object from a non-empty API group |
| (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if |
| the type of the specified object matches |
| some installed volume populator or |
| dynamic provisioner. This field will |
| replace the functionality of the dataSource |
| field and as such if both fields are |
| non-empty, they must have the same |
| value. For backwards compatibility, |
| when namespace isn''t specified in |
| dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to |
| the same value automatically if one |
| of them is empty and the other is |
| non-empty. When namespace is specified |
| in dataSourceRef, dataSource isn''t |
| set to the same value and must be |
| empty. There are three important differences |
| between dataSource and dataSourceRef: |
| * While dataSource only allows two |
| specific types of objects, dataSourceRef |
| allows any non-core object, as well |
| as PersistentVolumeClaim objects. |
| * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates |
| an error if a disallowed value is |
| specified. * While dataSource only |
| allows local objects, dataSourceRef |
| allows objects in any namespaces. |
| (Beta) Using this field requires the |
| AnyVolumeDataSource feature gate to |
| be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the |
| CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. |
| See the ReferenceGrant documentation |
| for details. (Alpha) This field |
| requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the |
| minimum resources the volume should |
| have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed |
| to specify resource requirements that |
| are lower than previous value but |
| must still be higher than capacity |
| recorded in the status field of the |
| claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. |
| \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is |
| immutable. It can only be set |
| for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match |
| the name of one entry in |
| pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the |
| maximum amount of compute resources |
| allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes |
| the minimum amount of compute |
| resources required. If Requests |
| is omitted for a container, it |
| defaults to Limits if that is |
| explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query |
| over volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the |
| name of the StorageClass required |
| by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what |
| type of volume is required by the |
| claim. Value of Filesystem is implied |
| when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding |
| reference to the PersistentVolume |
| backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and |
| then exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. TODO: how do we prevent errors |
| in the filesystem from compromising the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun |
| number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world |
| wide identifiers (wwids) Either wwids or combination |
| of targetWWNs and lun must be set, but not |
| both simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an |
| exec based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver |
| to use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". The default filesystem depends |
| on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field |
| holds extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef |
| is reference to the secret object containing |
| sensitive information to pass to the plugin |
| scripts. This may be empty if no secret object |
| is specified. If the secret object contains |
| more than one secret, all secrets are passed |
| to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume |
| attached to a kubelet's host machine. This depends |
| on the Flocker control service being running |
| properties: |
| datasetName: |
| description: datasetName is Name of the dataset |
| stored as metadata -> name on the dataset |
| for Flocker should be considered as deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the |
| dataset. This is unique identifier of a Flocker |
| dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE |
| Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the |
| volume that you want to mount. Tip: Ensure |
| that the filesystem type is supported by the |
| host operating system. Examples: "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD |
| resource in GCE. Used to identify the disk |
| in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository |
| at a particular revision. DEPRECATED: GitRepo |
| is deprecated. To provision a container with a |
| git repo, mount an EmptyDir into an InitContainer |
| that clones the repo using git, then mount the |
| EmptyDir into the Pod''s container.' |
| properties: |
| directory: |
| description: directory is the target directory |
| name. Must not contain or start with '..'. If |
| '.' is supplied, the volume directory will |
| be the git repository. Otherwise, if specified, |
| the volume will contain the git repository |
| in the subdirectory with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for |
| the specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More |
| info: https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name |
| that details Glusterfs topology. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing |
| file or directory on the host machine that is |
| directly exposed to the container. This is generally |
| used for system agents or other privileged things |
| that are allowed to see the host machine. Most |
| containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can |
| use host directory mounts and who can/can not |
| mount host directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the |
| link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults |
| to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether |
| support iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether |
| support iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI |
| Initiator Name. If initiatorName is specified |
| with iscsiInterface simultaneously, new iSCSI |
| interface <target portal>:<volume name> will |
| be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified |
| Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface |
| Name that uses an iSCSI transport. Defaults |
| to 'default' (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun |
| number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for |
| iSCSI target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| nfs: |
| description: 'nfs represents an NFS mount on the |
| host that shares a pod''s lifetime More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS |
| server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS |
| export to be mounted with read-only permissions. |
| Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource |
| represents a reference to a PersistentVolumeClaim |
| in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this |
| volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly |
| setting in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelets |
| host machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies |
| Photon Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx |
| volume attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fSType represents the filesystem |
| type to mount Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a |
| Portworx volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about |
| the configMap data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced ConfigMap |
| will be projected into the volume |
| as a file whose name is the key |
| and content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the ConfigMap, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile |
| represents information to create |
| the file containing the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace |
| are supported.' |
| properties: |
| apiVersion: |
| description: Version of |
| the schema the FieldPath |
| is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the |
| field to select in the |
| specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode |
| bits used to set permissions |
| on this file, must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path |
| is the relative path name |
| of the file to be created. |
| Must not be absolute or contain |
| the ''..'' path. Must be utf-8 |
| encoded. The first item of |
| the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu |
| and requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container |
| name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the |
| output format of the exposed |
| resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: |
| resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about |
| the secret data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced Secret will |
| be projected into the volume as |
| a file whose name is the key and |
| content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the Secret, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify |
| whether the Secret or its key must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to |
| project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient |
| of a token must identify itself |
| with an identifier specified in |
| the audience of the token, and otherwise |
| should reject the token. The audience |
| defaults to the identifier of the |
| apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is |
| the requested duration of validity |
| of the service account token. As |
| the token approaches expiration, |
| the kubelet volume plugin will proactively |
| rotate the service account token. |
| The kubelet will start trying to |
| rotate the token if the token is |
| older than 80 percent of its time |
| to live or if the token is older |
| than 24 hours.Defaults to 1 hour |
| and must be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to |
| project the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount |
| on the host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to Default |
| is no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or |
| multiple Quobyte Registry services specified |
| as a string as host:port pair (multiple entries |
| are separated with commas) which acts as the |
| central registry for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte |
| volume in the Backend Used with dynamically |
| provisioned Quobyte volumes, value is set |
| by the plugin |
| type: string |
| user: |
| description: user to map volume access to Defaults |
| to serivceaccount user |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device |
| mount on the host that shares a pod''s lifetime. |
| More info: https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring |
| for RBDUser. Default is /etc/ceph/keyring. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph |
| monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides |
| keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Default is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of |
| the ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of |
| the ScaleIO Protection Domain for the configured |
| storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable |
| SSL communication with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the |
| storage for a volume should be ThickProvisioned |
| or ThinProvisioned. Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage |
| system as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that |
| is associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the Secret, the volume |
| setup will error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether |
| the Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the |
| secret in the pod''s namespace to use. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret |
| to use for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable |
| name of the StorageOS volume. Volume names |
| are only unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will |
| be used. This allows the Kubernetes name |
| scoping to be mirrored within StorageOS for |
| tighter integration. Set VolumeName to any |
| name to override the default behaviour. Set |
| to "default" if you are not using namespaces |
| within StorageOS. Namespaces that do not pre-exist |
| within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere |
| volume attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage |
| Policy Based Management (SPBM) profile ID |
| associated with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage |
| Policy Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| type: object |
| required: |
| - name |
| - source |
| type: object |
| type: array |
| type: object |
| statefulSetOptions: |
| description: StatefulSetOptions defines the custom options for |
| the solrCloud StatefulSet. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the StatefulSet. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the StatefulSet. |
| type: object |
| podManagementPolicy: |
| description: PodManagementPolicy defines the policy for creating |
| pods under a stateful set. Override the default value of |
| Parallel. This cannot be updated on an existing StatefulSet, |
| the StatefulSet must be deleted and recreated for a change |
| in this field to take effect. |
| enum: |
| - OrderedReady |
| - Parallel |
| type: string |
| type: object |
| type: object |
| dataStorage: |
| description: Customize how the cloud data is stored. If neither "persistent" |
| or "ephemeral" is provided, then ephemeral storage will be used |
| by default. |
| properties: |
| ephemeral: |
| description: "EphemeralStorage is the specification for how the |
| ephemeral Solr data storage should be configured. \n This option |
| cannot be used with the \"persistent\" option. Ephemeral storage |
| is used by default if neither \"persistent\" or \"ephemeral\" |
| is provided." |
| properties: |
| emptyDir: |
| description: EmptyDirVolumeSource is an optional config for |
| the emptydir volume that will store Solr data. |
| properties: |
| medium: |
| description: 'medium represents what type of storage medium |
| should back this directory. The default is "" which |
| means to use the node''s default medium. Must be an |
| empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount of local storage |
| required for this EmptyDir volume. The size limit is |
| also applicable for memory medium. The maximum usage |
| on memory medium EmptyDir would be the minimum value |
| between the SizeLimit specified here and the sum of |
| memory limits of all containers in a pod. The default |
| is nil which means that the limit is undefined. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| hostPath: |
| description: "HostPathVolumeSource is an optional config to |
| specify a path on the host machine to store Solr data. \n |
| If hostPath is omitted, then the default EmptyDir is used, |
| otherwise hostPath takes precedence over EmptyDir." |
| properties: |
| path: |
| description: 'path of the directory on the host. If the |
| path is a symlink, it will follow the link to the real |
| path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults to "" |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| persistent: |
| description: "PersistentStorage is the specification for how the |
| persistent Solr data storage should be configured. \n This option |
| cannot be used with the \"ephemeral\" option." |
| properties: |
| pvcTemplate: |
| description: PersistentVolumeClaimTemplate is the PVC object |
| for the solr node to store its data. Within metadata, the |
| Name, Labels and Annotations are able to be specified, but |
| defaults will be provided if necessary. The entire Spec |
| is customizable, however there will be defaults provided |
| if necessary. This field is optional. If no PVC spec is |
| provided, then a default will be provided. |
| properties: |
| metadata: |
| description: May contain labels and annotations that will |
| be copied into the PVC when creating it. No other fields |
| are allowed and will be rejected during validation. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: 'Annotations is an unstructured key value |
| map stored with a resource that may be set by external |
| tools to store and retrieve arbitrary metadata. |
| They are not queryable and should be preserved when |
| modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: 'Map of string keys and values that can |
| be used to organize and categorize (scope and select) |
| objects. May match selectors of replication controllers |
| and services. More info: http://kubernetes.io/docs/user-guide/labels' |
| type: object |
| name: |
| description: 'Name must be unique within a namespace. |
| Is required when creating resources, although some |
| resources may allow a client to request the generation |
| of an appropriate name automatically. Name is primarily |
| intended for creation idempotence and configuration |
| definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' |
| type: string |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged into the PVC |
| that gets created from this template. The same fields |
| as in a PersistentVolumeClaim are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the desired access |
| modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be used to specify |
| either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) If the |
| provisioner or an external controller can support |
| the specified data source, it will create a new |
| volume based on the contents of the specified data |
| source. When the AnyVolumeDataSource feature gate |
| is enabled, dataSource contents will be copied to |
| dataSourceRef, and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace is specified, |
| then dataSourceRef will not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the resource |
| being referenced. If APIGroup is not specified, |
| the specified Kind must be in the core API group. |
| For any other third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of resource being |
| referenced |
| type: string |
| name: |
| description: Name is the name of resource being |
| referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies the object from |
| which to populate the volume with data, if a non-empty |
| volume is desired. This may be any object from a |
| non-empty API group (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, volume binding |
| will only succeed if the type of the specified object |
| matches some installed volume populator or dynamic |
| provisioner. This field will replace the functionality |
| of the dataSource field and as such if both fields |
| are non-empty, they must have the same value. For |
| backwards compatibility, when namespace isn''t specified |
| in dataSourceRef, both fields (dataSource and dataSourceRef) |
| will be set to the same value automatically if one |
| of them is empty and the other is non-empty. When |
| namespace is specified in dataSourceRef, dataSource |
| isn''t set to the same value and must be empty. |
| There are three important differences between dataSource |
| and dataSourceRef: * While dataSource only allows |
| two specific types of objects, dataSourceRef allows |
| any non-core object, as well as PersistentVolumeClaim |
| objects. * While dataSource ignores disallowed values |
| (dropping them), dataSourceRef preserves all values, |
| and generates an error if a disallowed value is |
| specified. * While dataSource only allows local |
| objects, dataSourceRef allows objects in any namespaces. |
| (Beta) Using this field requires the AnyVolumeDataSource |
| feature gate to be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the resource |
| being referenced. If APIGroup is not specified, |
| the specified Kind must be in the core API group. |
| For any other third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of resource being |
| referenced |
| type: string |
| name: |
| description: Name is the name of resource being |
| referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace of resource |
| being referenced Note that when a namespace |
| is specified, a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent namespace |
| to allow that namespace's owner to accept the |
| reference. See the ReferenceGrant documentation |
| for details. (Alpha) This field requires the |
| CrossNamespaceVolumeDataSource feature gate |
| to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the minimum resources |
| the volume should have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed to specify |
| resource requirements that are lower than previous |
| value but must still be higher than capacity recorded |
| in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It |
| can only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of |
| one entry in pod.spec.resourceClaims of |
| the Pod where this field is used. It makes |
| that resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query over volumes |
| to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement is |
| a selector that contains values, a key, and |
| an operator that relates the key and values. |
| properties: |
| key: |
| description: key is the label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. If |
| the operator is Exists or DoesNotExist, |
| the values array must be empty. This array |
| is replaced during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is "In", |
| and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the name of the |
| StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what type of volume |
| is required by the claim. Value of Filesystem is |
| implied when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding reference to |
| the PersistentVolume backing this claim. |
| type: string |
| type: object |
| type: object |
| reclaimPolicy: |
| description: 'VolumeReclaimPolicy determines how the Solr |
| Cloud''s PVCs will be treated after the cloud is deleted. |
| - Retain: This is the default Kubernetes policy, where PVCs |
| created for StatefulSets are not deleted when the StatefulSet |
| is deleted. - Delete: The PVCs will be deleted by the Solr |
| Operator after the SolrCloud object is deleted. The default |
| value is Retain, so no data will be deleted unless explicitly |
| configured.' |
| enum: |
| - Retain |
| - Delete |
| type: string |
| type: object |
| type: object |
| replicas: |
| description: The number of solr nodes to run |
| format: int32 |
| type: integer |
| scaling: |
| description: Configure how Solr nodes should be scaled. |
| properties: |
| populatePodsOnScaleUp: |
| default: true |
| description: "PopulatePodsOnScaleUp determines whether Solr replicas |
| should be moved to newly-created Pods that have been created |
| due to the SolrCloud scaling up. \n This feature is only available |
| to users using Solr 9.3 or newer. If this is set to \"true\" |
| for a cloud that is running an unsupported version of Solr, |
| the replicas will not be moved." |
| type: boolean |
| vacatePodsOnScaleDown: |
| default: true |
| description: VacatePodsOnScaleDown determines whether Solr replicas |
| are moved off of a Pod before the Pod is deleted due to the |
| SolrCloud scaling down. |
| type: boolean |
| type: object |
| solrAddressability: |
| description: Customize how Solr is addressed both internally and externally |
| in Kubernetes. |
| properties: |
| commonServicePort: |
| description: CommonServicePort defines the port to have the common |
| Solr service listen on. Defaults to 80 (when not using TLS) |
| or 443 (when using TLS) |
| type: integer |
| external: |
| description: External defines the way in which this SolrCloud |
| nodes should be made addressable externally, from outside the |
| Kubernetes cluster. If none is provided, the Solr Cloud will |
| not be made addressable externally. |
| properties: |
| additionalDomainNames: |
| description: Provide additional domainNames that the Ingress |
| or ExternalDNS should listen on. This option is ignored |
| with the LoadBalancer method. |
| items: |
| type: string |
| type: array |
| domainName: |
| description: "Override the domainName provided as startup |
| parameters to the operator, used by ingresses and externalDNS. |
| The common and/or node services will be addressable by unique |
| names under the given domain. e.g. given.domain.name.com |
| -> default-example-solrcloud.given.domain.name.com \n For |
| the LoadBalancer method, this field is optional and will |
| only be used when useExternalAddress=true. If used with |
| the LoadBalancer method, you will need DNS routing to the |
| LoadBalancer IP address through the url template given above." |
| type: string |
| hideCommon: |
| description: Do not expose the common Solr service externally. |
| This affects a single service. Defaults to false. |
| type: boolean |
| hideNodes: |
| description: Do not expose each of the Solr Node services |
| externally. The number of services this affects could range |
| from 1 (a headless service for ExternalDNS) to the number |
| of Solr pods your cloud contains (individual node services |
| for Ingress/LoadBalancer). Defaults to false. |
| type: boolean |
| ingressTLSTermination: |
| description: "IngressTLSTermination tells the SolrCloud Ingress |
| to terminate TLS on incoming connections. \n This is option |
| is only available when Method=Ingress, because ExternalDNS |
| and LoadBalancer Services do not support TLS termination. |
| This option is also unavailable when the SolrCloud has TLS |
| enabled via `spec.solrTLS`, in this case the Ingress cannot |
| terminate TLS before reaching Solr. \n When using this option, |
| the UseExternalAddress option will be disabled, since Solr |
| cannot be running in HTTP mode and making internal requests |
| in HTTPS." |
| maxProperties: 1 |
| properties: |
| tlsSecret: |
| description: TLSSecret defines a TLS Secret to use for |
| TLS termination of all exposed addresses for this SolrCloud |
| in the Ingress. |
| type: string |
| useDefaultTLSSecret: |
| description: "UseDefaultTLSSecret determines whether the |
| ingress should use the default TLS secret provided by |
| the Ingress implementation. \n For example, using nginx: |
| https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate" |
| type: boolean |
| type: object |
| method: |
| description: The way in which this SolrCloud's service(s) |
| should be made addressable externally. |
| enum: |
| - Ingress |
| - ExternalDNS |
| type: string |
| nodePortOverride: |
| description: "NodePortOverride defines the port to have all |
| Solr node service(s) listen on and advertise itself as if |
| advertising through an Ingress or LoadBalancer. This overrides |
| the default usage of the podPort. \n This is option is only |
| used when HideNodes=false, otherwise the the port each Solr |
| Node will advertise itself with the podPort. This option |
| is also unavailable with the ExternalDNS method. \n If using |
| method=Ingress, your ingress controller is required to listen |
| on this port. If your ingress controller is not listening |
| on the podPort, then this option is required for solr to |
| be addressable via an Ingress. \n Defaults to 80 (without |
| TLS) or 443 (with TLS) if HideNodes=false and method=Ingress, |
| otherwise this is optional." |
| type: integer |
| useExternalAddress: |
| description: "Use the external address to advertise the SolrNode, |
| defaults to false. \n If false, the external address will |
| be available, however Solr (and clients using the CloudSolrClient |
| in SolrJ) will only be aware of the internal URLs. If true, |
| Solr will startup with the hostname of the external address. |
| \n NOTE: This option cannot be true when hideNodes is set |
| to true. So it will be auto-set to false if that is the |
| case." |
| type: boolean |
| required: |
| - domainName |
| - method |
| type: object |
| kubeDomain: |
| description: KubeDomain allows for the specification of an override |
| of the default "cluster.local" Kubernetes cluster domain. Only |
| use this option if the Kubernetes cluster has been setup with |
| a custom domain. |
| type: string |
| podPort: |
| description: PodPort defines the port to have the Solr Pod listen |
| on. Defaults to 8983 |
| type: integer |
| type: object |
| solrClientTLS: |
| description: Options to configure client TLS certificate for Solr |
| pods |
| properties: |
| checkPeerName: |
| description: TLS certificates contain host/ip "peer name" information |
| that is validated by default. |
| type: boolean |
| clientAuth: |
| default: None |
| description: Determines the client authentication method, either |
| None, Want, or Need; this affects K8s ability to call liveness |
| / readiness probes so use cautiously. Only applies for server |
| certificates, has no effect on client certificates |
| enum: |
| - None |
| - Want |
| - Need |
| type: string |
| keyStorePasswordSecret: |
| description: Secret containing the key store password; this field |
| is required unless mountedTLSDir is used, as most JVMs do not |
| support pkcs12 keystores without a password |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| mountedTLSDir: |
| description: Used to specify a path where the keystore, truststore, |
| and password files for the TLS certificate are mounted by an |
| external agent or CSI driver. This option is typically used |
| with `spec.updateStrategy.restartSchedule` to restart Solr pods |
| before the mounted TLS cert expires. |
| properties: |
| keystoreFile: |
| description: Override the name of the keystore file; no default, |
| if you don't supply this setting, then the corresponding |
| env vars and Java system properties will not be configured |
| for the pod template |
| type: string |
| keystorePassword: |
| description: Set the password of the keystore explicitly. |
| Cannot be used with "keystorePasswordFile" |
| type: string |
| keystorePasswordFile: |
| description: Override the name of the keystore password file; |
| defaults to keystore-password, if "keystorePassword" is |
| not provided. |
| type: string |
| path: |
| description: The path on the main Solr container where the |
| TLS files are mounted by some external agent or CSI Driver |
| type: string |
| truststoreFile: |
| description: Override the name of the truststore file; no |
| default, if you don't supply this setting, then the corresponding |
| env vars and Java system properties will not be configured |
| for the pod template |
| type: string |
| truststorePassword: |
| description: Set the password of the truststore explicitly. |
| If "keystorePassword" is provided, and "truststorePasswordFile" |
| is not, this will be defaulted to "keystorePassword". |
| type: string |
| truststorePasswordFile: |
| description: Override the name of the truststore password |
| file; defaults to the same value as the KeystorePasswordFile, |
| if "truststorePassword" is not provided. |
| type: string |
| required: |
| - path |
| type: object |
| pkcs12Secret: |
| description: TLS Secret containing a pkcs12 keystore; required |
| for Solr pods unless mountedTLSDir is used |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| restartOnTLSSecretUpdate: |
| description: Opt-in flag to restart Solr pods after TLS secret |
| updates, such as if the cert is renewed; default is false. This |
| option only applies when using the `spec.solrTLS.pkcs12Secret` |
| option; when using the `spec.solrTLS.mountedTLSDir` option, |
| you need to ensure pods get restarted before the certs expire, |
| see `spec.updateStrategy.restartSchedule` for scheduling restarts. |
| type: boolean |
| trustStorePasswordSecret: |
| description: Secret containing the trust store password; if not |
| provided the keyStorePassword will be used |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| trustStoreSecret: |
| description: TLS Secret containing a pkcs12 truststore; if not |
| provided, then the keystore and password are used for the truststore |
| The specified key is used as the truststore file name when mounted |
| into Solr pods |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| verifyClientHostname: |
| description: Verify client's hostname during SSL handshake Only |
| applies for server configuration |
| type: boolean |
| type: object |
| solrGCTune: |
| description: Set GC Tuning configuration through GC_TUNE environment |
| variable |
| type: string |
| solrImage: |
| description: ContainerImage defines the fields needed for a Docker |
| repository image. The format here matches the predominant format |
| used in Helm charts. |
| properties: |
| imagePullSecret: |
| type: string |
| pullPolicy: |
| description: PullPolicy describes a policy for if/when to pull |
| a container image |
| type: string |
| repository: |
| type: string |
| tag: |
| type: string |
| type: object |
| solrJavaMem: |
| type: string |
| solrLogLevel: |
| description: Set the Solr Log level, defaults to INFO |
| type: string |
| solrModules: |
| description: 'List of Solr Modules to be loaded when starting Solr |
| Note: You do not need to specify a module if it is required by another |
| property (e.g. backupRepositories[].gcs)' |
| items: |
| type: string |
| type: array |
| solrOpts: |
| description: You can add common system properties to the SOLR_OPTS |
| environment variable SolrOpts is the string interface for these |
| optional settings |
| type: string |
| solrSecurity: |
| description: Options to enable Solr security |
| properties: |
| authenticationType: |
| description: Indicates the authentication plugin type that is |
| being used by Solr; for now only "Basic" is supported by the |
| Solr operator but support for other authentication plugins may |
| be added in the future. |
| enum: |
| - Basic |
| type: string |
| basicAuthSecret: |
| description: "Secret (kubernetes.io/basic-auth) containing credentials |
| the operator should use for API requests to secure Solr pods. |
| If you provide this secret, then the operator assumes you've |
| also configured your own security.json file and uploaded it |
| to Solr. If you change the password for this user using the |
| Solr security API, then you *must* update the secret with the |
| new password or the operator will be locked out of Solr and |
| API requests will fail, ultimately causing a CrashBackoffLoop |
| for all pods if probe endpoints are secured (see 'probesRequireAuth' |
| setting). \n If you don't supply this secret, then the operator |
| creates a kubernetes.io/basic-auth secret containing the password |
| for the \"k8s-oper\" user. All API requests from the operator |
| are made as the \"k8s-oper\" user, which is configured with |
| read-only access to a minimal set of endpoints. In addition, |
| the operator bootstraps a default security.json file and credentials |
| for two additional users: admin and solr. The 'solr' user has |
| basic read access to Solr resources. Once the security.json |
| is bootstrapped, the operator will not update it! You're expected |
| to use the 'admin' user to access the Security API to make further |
| changes. It's strictly a bootstrapping operation." |
| type: string |
| bootstrapSecurityJson: |
| description: Configure a user-provided security.json from a secret |
| to allow for advanced security config. If not specified, the |
| operator bootstraps a security.json with basic auth enabled. |
| This is a bootstrapping config only; once Solr is initialized, |
| the security config should be managed by the security API. |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| probesRequireAuth: |
| description: Flag to indicate if the configured HTTP endpoint(s) |
| used for the probes require authentication; defaults to false. |
| If you set to true, then probes will use a local command on |
| the main container to hit the secured endpoints with credentials |
| sourced from an env var instead of HTTP directly. |
| type: boolean |
| type: object |
| solrTLS: |
| description: Options to enable the server TLS certificate for Solr |
| pods |
| properties: |
| checkPeerName: |
| description: TLS certificates contain host/ip "peer name" information |
| that is validated by default. |
| type: boolean |
| clientAuth: |
| default: None |
| description: Determines the client authentication method, either |
| None, Want, or Need; this affects K8s ability to call liveness |
| / readiness probes so use cautiously. Only applies for server |
| certificates, has no effect on client certificates |
| enum: |
| - None |
| - Want |
| - Need |
| type: string |
| keyStorePasswordSecret: |
| description: Secret containing the key store password; this field |
| is required unless mountedTLSDir is used, as most JVMs do not |
| support pkcs12 keystores without a password |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| mountedTLSDir: |
| description: Used to specify a path where the keystore, truststore, |
| and password files for the TLS certificate are mounted by an |
| external agent or CSI driver. This option is typically used |
| with `spec.updateStrategy.restartSchedule` to restart Solr pods |
| before the mounted TLS cert expires. |
| properties: |
| keystoreFile: |
| description: Override the name of the keystore file; no default, |
| if you don't supply this setting, then the corresponding |
| env vars and Java system properties will not be configured |
| for the pod template |
| type: string |
| keystorePassword: |
| description: Set the password of the keystore explicitly. |
| Cannot be used with "keystorePasswordFile" |
| type: string |
| keystorePasswordFile: |
| description: Override the name of the keystore password file; |
| defaults to keystore-password, if "keystorePassword" is |
| not provided. |
| type: string |
| path: |
| description: The path on the main Solr container where the |
| TLS files are mounted by some external agent or CSI Driver |
| type: string |
| truststoreFile: |
| description: Override the name of the truststore file; no |
| default, if you don't supply this setting, then the corresponding |
| env vars and Java system properties will not be configured |
| for the pod template |
| type: string |
| truststorePassword: |
| description: Set the password of the truststore explicitly. |
| If "keystorePassword" is provided, and "truststorePasswordFile" |
| is not, this will be defaulted to "keystorePassword". |
| type: string |
| truststorePasswordFile: |
| description: Override the name of the truststore password |
| file; defaults to the same value as the KeystorePasswordFile, |
| if "truststorePassword" is not provided. |
| type: string |
| required: |
| - path |
| type: object |
| pkcs12Secret: |
| description: TLS Secret containing a pkcs12 keystore; required |
| for Solr pods unless mountedTLSDir is used |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| restartOnTLSSecretUpdate: |
| description: Opt-in flag to restart Solr pods after TLS secret |
| updates, such as if the cert is renewed; default is false. This |
| option only applies when using the `spec.solrTLS.pkcs12Secret` |
| option; when using the `spec.solrTLS.mountedTLSDir` option, |
| you need to ensure pods get restarted before the certs expire, |
| see `spec.updateStrategy.restartSchedule` for scheduling restarts. |
| type: boolean |
| trustStorePasswordSecret: |
| description: Secret containing the trust store password; if not |
| provided the keyStorePassword will be used |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| trustStoreSecret: |
| description: TLS Secret containing a pkcs12 truststore; if not |
| provided, then the keystore and password are used for the truststore |
| The specified key is used as the truststore file name when mounted |
| into Solr pods |
| properties: |
| key: |
| description: The key of the secret to select from. Must be |
| a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must be |
| defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| verifyClientHostname: |
| description: Verify client's hostname during SSL handshake Only |
| applies for server configuration |
| type: boolean |
| type: object |
| solrZkOpts: |
| description: This will add java system properties for connecting to |
| Zookeeper. SolrZkOpts is the string interface for these optional |
| settings |
| type: string |
| updateStrategy: |
| description: Define how Solr rolling updates are executed. |
| properties: |
| managed: |
| description: Options for Solr Operator Managed rolling updates. |
| properties: |
| maxPodsUnavailable: |
| anyOf: |
| - type: integer |
| - type: string |
| description: "The maximum number of pods that can be unavailable |
| during the update. Value can be an absolute number (ex: |
| 5) or a percentage of the desired number of pods (ex: 10%). |
| Absolute number is calculated from percentage by rounding |
| down. If the provided number is 0 or negative, then all |
| pods will be allowed to be updated in unison. \n Defaults |
| to 25%." |
| x-kubernetes-int-or-string: true |
| maxShardReplicasUnavailable: |
| anyOf: |
| - type: integer |
| - type: string |
| description: "The maximum number of replicas for each shard |
| that can be unavailable during the update. Value can be |
| an absolute number (ex: 5) or a percentage of replicas in |
| a shard (ex: 25%). Absolute number is calculated from percentage |
| by rounding down. If the provided number is 0 or negative, |
| then all replicas will be allowed to be updated in unison. |
| \n Defaults to 1." |
| x-kubernetes-int-or-string: true |
| type: object |
| method: |
| description: Method defines the way in which SolrClouds should |
| be updated when the podSpec changes. |
| enum: |
| - Managed |
| - StatefulSet |
| - Manual |
| type: string |
| restartSchedule: |
| description: "Perform a scheduled restart on the given schedule, |
| in CRON format. \n Multiple CRON syntaxes are supported - Standard |
| CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules |
| (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every |
| 10h30m\") \n For more information please check this reference: |
| https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format" |
| type: string |
| type: object |
| zookeeperRef: |
| description: The information for the Zookeeper this SolrCloud should |
| connect to Can be a zookeeper that is running, or one that is created |
| by the solr operator |
| properties: |
| connectionInfo: |
| description: A zookeeper ensemble that is run independently of |
| the solr operator If an externalConnectionString is provided, |
| but no internalConnectionString is, the external will be used |
| as the internal |
| properties: |
| acl: |
| description: ZooKeeper ACL to use when connecting with ZK. |
| This ACL should have ALL permission in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| chroot: |
| description: The ChRoot to connect solr at |
| type: string |
| externalConnectionString: |
| description: The connection string to connect to the ensemble |
| from outside of the Kubernetes cluster If external and no |
| internal connection string is provided, the external cnx |
| string will be used as the internal cnx string |
| type: string |
| internalConnectionString: |
| description: The connection string to connect to the ensemble |
| from within the Kubernetes cluster |
| type: string |
| readOnlyAcl: |
| description: ZooKeeper ACL to use when connecting with ZK |
| for reading operations. This ACL should have READ permission |
| in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| type: object |
| provided: |
| description: 'Create a new Zookeeper Ensemble with the following |
| spec Note: This option will not allow the SolrCloud to run across |
| kube-clusters. Note: Requires - The zookeeperOperator flag to |
| be provided to the Solr Operator - A zookeeper operator to be |
| running' |
| properties: |
| acl: |
| description: ZooKeeper ACL to use when connecting with ZK. |
| This ACL should have ALL permission in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| adminServerService: |
| description: AdminServerService defines the policy to create |
| AdminServer Service for the zookeeper cluster. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations specifies the annotations to |
| attach to AdminServer service the operator creates. |
| type: object |
| external: |
| type: boolean |
| type: object |
| chroot: |
| description: The ChRoot to connect solr at |
| type: string |
| clientService: |
| description: ClientService defines the policy to create client |
| Service for the zookeeper cluster. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations specifies the annotations to |
| attach to client service the operator creates. |
| type: object |
| type: object |
| config: |
| description: Additional Zookeeper Configuration settings |
| properties: |
| additionalConfig: |
| additionalProperties: |
| type: string |
| description: key-value map of additional zookeeper configuration |
| parameters |
| type: object |
| x-kubernetes-preserve-unknown-fields: true |
| autoPurgePurgeInterval: |
| description: "The time interval in hours for which the |
| purge task has to be triggered \n Disabled by default" |
| type: integer |
| autoPurgeSnapRetainCount: |
| description: "Retain the snapshots according to retain |
| count \n The default value is 3" |
| type: integer |
| commitLogCount: |
| description: "Zookeeper maintains an in-memory list of |
| last committed requests for fast synchronization with |
| followers \n The default value is 500" |
| type: integer |
| globalOutstandingLimit: |
| description: "Clients can submit requests faster than |
| ZooKeeper can process them, especially if there are |
| a lot of clients. Zookeeper will throttle Clients so |
| that requests won't exceed global outstanding limit. |
| \n The default value is 1000" |
| type: integer |
| initLimit: |
| description: "InitLimit is the amount of time, in ticks, |
| to allow followers to connect and sync to a leader. |
| \n Default value is 10." |
| type: integer |
| maxClientCnxns: |
| description: "Limits the number of concurrent connections |
| that a single client, identified by IP address, may |
| make to a single member of the ZooKeeper ensemble. \n |
| The default value is 60" |
| type: integer |
| maxCnxns: |
| description: "Limits the total number of concurrent connections |
| that can be made to a zookeeper server \n The defult |
| value is 0, indicating no limit" |
| type: integer |
| maxSessionTimeout: |
| description: "The maximum session timeout in milliseconds |
| that the server will allow the client to negotiate. |
| \n The default value is 40000" |
| type: integer |
| minSessionTimeout: |
| description: "The minimum session timeout in milliseconds |
| that the server will allow the client to negotiate \n |
| The default value is 4000" |
| type: integer |
| preAllocSize: |
| description: "To avoid seeks ZooKeeper allocates space |
| in the transaction log file in blocks of preAllocSize |
| kilobytes \n The default value is 64M" |
| type: integer |
| quorumListenOnAllIPs: |
| description: "QuorumListenOnAllIPs when set to true the |
| ZooKeeper server will listen for connections from its |
| peers on all available IP addresses, and not only the |
| address configured in the server list of the configuration |
| file. It affects the connections handling the ZAB protocol |
| and the Fast Leader Election protocol. \n The default |
| value is false." |
| type: boolean |
| snapCount: |
| description: "ZooKeeper records its transactions using |
| snapshots and a transaction log The number of transactions |
| recorded in the transaction log before a snapshot can |
| be taken is determined by snapCount \n The default value |
| is 100,000" |
| type: integer |
| snapSizeLimitInKb: |
| description: "Snapshot size limit in Kb \n The defult |
| value is 4GB" |
| type: integer |
| syncLimit: |
| description: "SyncLimit is the amount of time, in ticks, |
| to allow followers to sync with Zookeeper. \n The default |
| value is 2." |
| type: integer |
| tickTime: |
| description: "TickTime is the length of a single tick, |
| which is the basic time unit used by Zookeeper, as measured |
| in milliseconds \n The default value is 2000." |
| type: integer |
| type: object |
| containers: |
| description: Containers defines to support multi containers |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| ephemeral: |
| description: Ephemeral is the configuration which helps create |
| ephemeral storage At anypoint only one of Persistence or |
| Ephemeral should be present in the manifest |
| properties: |
| emptydirvolumesource: |
| description: EmptyDirVolumeSource is optional and this |
| will create the emptydir volume It has two parameters |
| Medium and SizeLimit which are optional as well Medium |
| specifies What type of storage medium should back this |
| directory. SizeLimit specifies Total amount of local |
| storage required for this EmptyDir volume. |
| properties: |
| medium: |
| description: 'medium represents what type of storage |
| medium should back this directory. The default is |
| "" which means to use the node''s default medium. |
| Must be an empty string (default) or Memory. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount of local |
| storage required for this EmptyDir volume. The size |
| limit is also applicable for memory medium. The |
| maximum usage on memory medium EmptyDir would be |
| the minimum value between the SizeLimit specified |
| here and the sum of memory limits of all containers |
| in a pod. The default is nil which means that the |
| limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| type: object |
| headlessService: |
| description: HeadlessService defines the policy to create |
| headless Service for the zookeeper cluster. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations specifies the annotations to |
| attach to headless service the operator creates. |
| type: object |
| type: object |
| image: |
| description: Image of Zookeeper to run |
| properties: |
| imagePullSecret: |
| type: string |
| pullPolicy: |
| description: PullPolicy describes a policy for if/when |
| to pull a container image |
| type: string |
| repository: |
| type: string |
| tag: |
| type: string |
| type: object |
| initContainers: |
| description: Init containers to support initialization |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels specifies the labels to attach to all |
| resources the operator creates for the zookeeper cluster, |
| including StatefulSet, Pod, PersistentVolumeClaim, Service, |
| ConfigMap, et al. |
| type: object |
| maxUnavailableReplicas: |
| default: 1 |
| description: MaxUnavailableReplicas defines the MaxUnavailable |
| Replicas in pdb. Default is 1. |
| format: int32 |
| minimum: 1 |
| type: integer |
| persistence: |
| description: Persistence is the configuration for zookeeper |
| persistent layer. PersistentVolumeClaimSpec and VolumeReclaimPolicy |
| can be specified in here. At anypoint only one of Persistence |
| or Ephemeral should be present in the manifest |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations specifies the annotations to |
| attach to pvc the operator creates. |
| type: object |
| reclaimPolicy: |
| description: VolumeReclaimPolicy is a zookeeper operator |
| configuration. If it's set to Delete, the corresponding |
| PVCs will be deleted by the operator when zookeeper |
| cluster is deleted. The default value is Retain. |
| enum: |
| - Retain |
| - Delete |
| type: string |
| spec: |
| description: PersistentVolumeClaimSpec is the spec to |
| describe PVC for the container This field is optional. |
| If no PVC is specified default persistentvolume will |
| get created. |
| properties: |
| accessModes: |
| description: 'accessModes contains the desired access |
| modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be used to specify |
| either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) If the |
| provisioner or an external controller can support |
| the specified data source, it will create a new |
| volume based on the contents of the specified data |
| source. When the AnyVolumeDataSource feature gate |
| is enabled, dataSource contents will be copied to |
| dataSourceRef, and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace is specified, |
| then dataSourceRef will not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the resource |
| being referenced. If APIGroup is not specified, |
| the specified Kind must be in the core API group. |
| For any other third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of resource being |
| referenced |
| type: string |
| name: |
| description: Name is the name of resource being |
| referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies the object from |
| which to populate the volume with data, if a non-empty |
| volume is desired. This may be any object from a |
| non-empty API group (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, volume binding |
| will only succeed if the type of the specified object |
| matches some installed volume populator or dynamic |
| provisioner. This field will replace the functionality |
| of the dataSource field and as such if both fields |
| are non-empty, they must have the same value. For |
| backwards compatibility, when namespace isn''t specified |
| in dataSourceRef, both fields (dataSource and dataSourceRef) |
| will be set to the same value automatically if one |
| of them is empty and the other is non-empty. When |
| namespace is specified in dataSourceRef, dataSource |
| isn''t set to the same value and must be empty. |
| There are three important differences between dataSource |
| and dataSourceRef: * While dataSource only allows |
| two specific types of objects, dataSourceRef allows |
| any non-core object, as well as PersistentVolumeClaim |
| objects. * While dataSource ignores disallowed values |
| (dropping them), dataSourceRef preserves all values, |
| and generates an error if a disallowed value is |
| specified. * While dataSource only allows local |
| objects, dataSourceRef allows objects in any namespaces. |
| (Beta) Using this field requires the AnyVolumeDataSource |
| feature gate to be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for the resource |
| being referenced. If APIGroup is not specified, |
| the specified Kind must be in the core API group. |
| For any other third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of resource being |
| referenced |
| type: string |
| name: |
| description: Name is the name of resource being |
| referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace of resource |
| being referenced Note that when a namespace |
| is specified, a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent namespace |
| to allow that namespace's owner to accept the |
| reference. See the ReferenceGrant documentation |
| for details. (Alpha) This field requires the |
| CrossNamespaceVolumeDataSource feature gate |
| to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the minimum resources |
| the volume should have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed to specify |
| resource requirements that are lower than previous |
| value but must still be higher than capacity recorded |
| in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field |
| and requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It |
| can only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of |
| one entry in pod.spec.resourceClaims of |
| the Pod where this field is used. It makes |
| that resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query over volumes |
| to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement is |
| a selector that contains values, a key, and |
| an operator that relates the key and values. |
| properties: |
| key: |
| description: key is the label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. If |
| the operator is Exists or DoesNotExist, |
| the values array must be empty. This array |
| is replaced during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is "In", |
| and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the name of the |
| StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what type of volume |
| is required by the claim. Value of Filesystem is |
| implied when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding reference to |
| the PersistentVolume backing this claim. |
| type: string |
| type: object |
| type: object |
| probes: |
| description: Probes specifies the timeout values for the Readiness |
| and Liveness Probes for the zookeeper pods. |
| properties: |
| livenessProbe: |
| properties: |
| failureThreshold: |
| format: int32 |
| minimum: 0 |
| type: integer |
| initialDelaySeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| periodSeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| successThreshold: |
| format: int32 |
| minimum: 0 |
| type: integer |
| timeoutSeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| type: object |
| readinessProbe: |
| properties: |
| failureThreshold: |
| format: int32 |
| minimum: 0 |
| type: integer |
| initialDelaySeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| periodSeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| successThreshold: |
| format: int32 |
| minimum: 0 |
| type: integer |
| timeoutSeconds: |
| format: int32 |
| minimum: 0 |
| type: integer |
| type: object |
| type: object |
| readOnlyAcl: |
| description: ZooKeeper ACL to use when connecting with ZK |
| for reading operations. This ACL should have READ permission |
| in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| replicas: |
| default: 3 |
| description: Number of members to create up for the ZK ensemble |
| Defaults to 3 |
| format: int32 |
| minimum: 1 |
| type: integer |
| volumeMounts: |
| description: VolumeMounts defines to support customized volumeMounts |
| items: |
| description: VolumeMount describes a mounting of a Volume |
| within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which the |
| volume should be mounted. Must not contain ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and the |
| other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write otherwise |
| (false or unspecified). Defaults to false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the container's |
| volume should be mounted. Defaults to "" (volume's |
| root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from which |
| the container's volume should be mounted. Behaves |
| similarly to SubPath but environment variable references |
| $(VAR_NAME) are expanded using the container's environment. |
| Defaults to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| volumes: |
| description: Volumes defines to support customized volumes |
| items: |
| description: Volume represents a named volume in a pod that |
| may be accessed by any container in the pod. |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an AWS |
| Disk resource that is attached to a kubelet''s host |
| machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the |
| volume that you want to mount. If omitted, the |
| default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for /dev/sda |
| is "0" (or you can leave the property empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force the |
| readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data Disk |
| mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching mode: |
| None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data disk |
| in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk in |
| the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: multiple |
| blob disks per storage account Dedicated: single |
| blob disk per storage account Managed: azure |
| managed data disk (only in managed availability |
| set). defaults to shared' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File Service |
| mount on the host and bind mount to the pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret that |
| contains Azure Storage Account Name and Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on the |
| host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors is |
| a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the mounted |
| root, rather than the full Ceph tree, default |
| is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default is /etc/ceph/user.secret |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef is |
| reference to the authentication secret for User, |
| default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the rados |
| user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume attached |
| and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Examples: "ext4", "xfs", "ntfs". |
| Implicitly inferred to be "ext4" if unspecified. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points to a |
| secret object containing parameters used to connect |
| to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the volume |
| in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that should |
| populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file whose |
| name is the key and content is the value. If specified, |
| the listed keys will be projected into the specified |
| paths, and unlisted keys will not be present. |
| If a key is specified which is not present in |
| the ConfigMap, the volume setup will error unless |
| it is marked optional. Paths must be relative |
| and may not contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. Must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. If |
| not specified, the volume defaultMode will |
| be used. This might be in conflict with |
| other options that affect the file mode, |
| like fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path of |
| the file to map the key to. May not be an |
| absolute path. May not contain the path |
| element '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| optional: |
| description: optional specify whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your admin |
| for the correct name as registered in the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is passed |
| to the associated CSI driver which will determine |
| the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive information |
| to pass to the CSI driver to complete the CSI |
| NodePublishVolume and NodeUnpublishVolume calls. |
| This field is optional, and may be empty if no |
| secret is required. If the secret object contains |
| more than one secret, all secret references are |
| passed. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only configuration |
| for the volume. Defaults to false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API about |
| the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits to use on created |
| files by default. Must be a Optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API volume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing the |
| pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field of |
| the pod: only annotations, labels, name |
| and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used to |
| set permissions on this file, must be an |
| octal value between 0000 and 0777 or a decimal |
| value between 0 and 511. YAML accepts both |
| octal and decimal values, JSON requires |
| decimal values for mode bits. If not specified, |
| the volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. Must |
| not be absolute or contain the ''..'' path. |
| Must be utf-8 encoded. The first item of |
| the relative path must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, requests.cpu and requests.memory) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of storage |
| medium should back this directory. The default |
| is "" which means to use the node''s default medium. |
| Must be an empty string (default) or Memory. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount of local |
| storage required for this EmptyDir volume. The |
| size limit is also applicable for memory medium. |
| The maximum usage on memory medium EmptyDir would |
| be the minimum value between the SizeLimit specified |
| here and the sum of memory limits of all containers |
| in a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that is |
| handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - it |
| will be created before the pod starts, and deleted |
| when the pod is removed. \n Use this if: a) the volume |
| is only needed while the pod runs, b) features of |
| normal volumes like restoring from snapshot or capacity |
| tracking are needed, c) the storage driver is specified |
| through a storage class, and d) the storage driver |
| supports dynamic volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information on |
| the connection between this volume type and PersistentVolumeClaim). |
| \n Use PersistentVolumeClaim or one of the vendor-specific |
| APIs for volumes that persist for longer than the |
| lifecycle of an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of the |
| driver for more information. \n A pod can use both |
| types of ephemeral volumes and persistent volumes |
| at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will be |
| the owner of the PVC, i.e. the PVC will be deleted |
| together with the pod. The name of the PVC will |
| be `<pod name>-<volume name>` where `<volume name>` |
| is the name from the `PodSpec.Volumes` array entry. |
| Pod validation will reject the pod if the concatenated |
| name is not valid for a PVC (for example, too |
| long). \n An existing PVC with that name that |
| is not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume by |
| mistake. Starting the pod is then blocked until |
| the unrelated PVC is removed. If such a pre-created |
| PVC is meant to be used by the pod, the PVC has |
| to updated with an owner reference to the pod |
| once the pod exists. Normally this should not |
| be necessary, but it may be useful when manually |
| reconstructing a broken cluster. \n This field |
| is read-only and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when creating |
| it. No other fields are allowed and will be |
| rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged into |
| the PVC that gets created from this template. |
| The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the desired |
| access modes the volume should have. More |
| info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be used |
| to specify either: * An existing VolumeSnapshot |
| object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external controller |
| can support the specified data source, |
| it will create a new volume based on the |
| contents of the specified data source. |
| When the AnyVolumeDataSource feature gate |
| is enabled, dataSource contents will be |
| copied to dataSourceRef, and dataSourceRef |
| contents will be copied to dataSource |
| when dataSourceRef.namespace is not specified. |
| If the namespace is specified, then dataSourceRef |
| will not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for |
| the resource being referenced. If |
| APIGroup is not specified, the specified |
| Kind must be in the core API group. |
| For any other third-party types, APIGroup |
| is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies the |
| object from which to populate the volume |
| with data, if a non-empty volume is desired. |
| This may be any object from a non-empty |
| API group (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if the |
| type of the specified object matches some |
| installed volume populator or dynamic |
| provisioner. This field will replace the |
| functionality of the dataSource field |
| and as such if both fields are non-empty, |
| they must have the same value. For backwards |
| compatibility, when namespace isn''t specified |
| in dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to the |
| same value automatically if one of them |
| is empty and the other is non-empty. When |
| namespace is specified in dataSourceRef, |
| dataSource isn''t set to the same value |
| and must be empty. There are three important |
| differences between dataSource and dataSourceRef: |
| * While dataSource only allows two specific |
| types of objects, dataSourceRef allows |
| any non-core object, as well as PersistentVolumeClaim |
| objects. * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates an |
| error if a disallowed value is specified. |
| * While dataSource only allows local objects, |
| dataSourceRef allows objects in any namespaces. |
| (Beta) Using this field requires the AnyVolumeDataSource |
| feature gate to be enabled. (Alpha) Using |
| the namespace field of dataSourceRef requires |
| the CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group for |
| the resource being referenced. If |
| APIGroup is not specified, the specified |
| Kind must be in the core API group. |
| For any other third-party types, APIGroup |
| is required. |
| type: string |
| kind: |
| description: Kind is the type of resource |
| being referenced |
| type: string |
| name: |
| description: Name is the name of resource |
| being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. See |
| the ReferenceGrant documentation for |
| details. (Alpha) This field requires |
| the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the minimum |
| resources the volume should have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed to |
| specify resource requirements that are |
| lower than previous value but must still |
| be higher than capacity recorded in the |
| status field of the claim. More info: |
| https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. \n |
| This is an alpha field and requires |
| enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. |
| It can only be set for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the |
| name of one entry in pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum |
| amount of compute resources allowed. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the |
| minimum amount of compute resources |
| required. If Requests is omitted for |
| a container, it defaults to Limits |
| if that is explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. More |
| info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query over |
| volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the name |
| of the StorageClass required by the claim. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what type |
| of volume is required by the claim. Value |
| of Filesystem is implied when not included |
| in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding reference |
| to the PersistentVolume backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and then |
| exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. TODO: how |
| do we prevent errors in the filesystem from compromising |
| the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world wide |
| identifiers (wwids) Either wwids or combination |
| of targetWWNs and lun must be set, but not both |
| simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an exec |
| based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver to |
| use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". The |
| default filesystem depends on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field holds |
| extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults to |
| false (read/write). ReadOnly here will force the |
| ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef is |
| reference to the secret object containing sensitive |
| information to pass to the plugin scripts. This |
| may be empty if no secret object is specified. |
| If the secret object contains more than one secret, |
| all secrets are passed to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume attached |
| to a kubelet's host machine. This depends on the Flocker |
| control service being running |
| properties: |
| datasetName: |
| description: datasetName is Name of the dataset |
| stored as metadata -> name on the dataset for |
| Flocker should be considered as deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the dataset. |
| This is unique identifier of a Flocker dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE Disk |
| resource that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the volume |
| that you want to mount. Tip: Ensure that the filesystem |
| type is supported by the host operating system. |
| Examples: "ext4", "xfs", "ntfs". Implicitly inferred |
| to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in the |
| volume that you want to mount. If omitted, the |
| default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for /dev/sda |
| is "0" (or you can leave the property empty). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD resource |
| in GCE. Used to identify the disk in GCE. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository at |
| a particular revision. DEPRECATED: GitRepo is deprecated. |
| To provision a container with a git repo, mount an |
| EmptyDir into an InitContainer that clones the repo |
| using git, then mount the EmptyDir into the Pod''s |
| container.' |
| properties: |
| directory: |
| description: directory is the target directory name. |
| Must not contain or start with '..'. If '.' is |
| supplied, the volume directory will be the git |
| repository. Otherwise, if specified, the volume |
| will contain the git repository in the subdirectory |
| with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for the |
| specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name that |
| details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing file |
| or directory on the host machine that is directly |
| exposed to the container. This is generally used for |
| system agents or other privileged things that are |
| allowed to see the host machine. Most containers will |
| NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can use |
| host directory mounts and who can/can not mount host |
| directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the link |
| to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults |
| to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine and |
| then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether support |
| iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether support |
| iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI Initiator |
| Name. If initiatorName is specified with iscsiInterface |
| simultaneously, new iSCSI interface <target portal>:<volume |
| name> will be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface Name |
| that uses an iSCSI transport. Defaults to 'default' |
| (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically TCP |
| ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for iSCSI |
| target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port if |
| the port is other than default (typically TCP |
| ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| name: |
| description: 'name of the volume. Must be a DNS_LABEL |
| and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' |
| type: string |
| nfs: |
| description: 'nfs represents an NFS mount on the host |
| that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS server. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS export |
| to be mounted with read-only permissions. Defaults |
| to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource represents |
| a reference to a PersistentVolumeClaim in the same |
| namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this volume. |
| More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly setting |
| in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelets host |
| machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies Photon |
| Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx volume |
| attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fSType represents the filesystem type |
| to mount Must be a filesystem type supported by |
| the host operating system. Ex. "ext4", "xfs". |
| Implicitly inferred to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a Portworx |
| volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Directories within the path |
| are not affected by this setting. This might be |
| in conflict with other options that affect the |
| file mode, like fsGroup, and the result can be |
| other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about the |
| configMap data to project |
| properties: |
| items: |
| description: items if unspecified, each |
| key-value pair in the Data field of |
| the referenced ConfigMap will be projected |
| into the volume as a file whose name |
| is the key and content is the value. |
| If specified, the listed keys will be |
| projected into the specified paths, |
| and unlisted keys will not be present. |
| If a key is specified which is not present |
| in the ConfigMap, the volume setup will |
| error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a |
| path within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 or |
| a decimal value between 0 and |
| 511. YAML accepts both octal and |
| decimal values, JSON requires |
| decimal values for mode bits. |
| If not specified, the volume defaultMode |
| will be used. This might be in |
| conflict with other options that |
| affect the file mode, like fsGroup, |
| and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the key |
| to. May not be an absolute path. |
| May not contain the path element |
| '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace are |
| supported.' |
| properties: |
| apiVersion: |
| description: Version of the |
| schema the FieldPath is written |
| in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field |
| to select in the specified |
| API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits |
| used to set permissions on this |
| file, must be an octal value between |
| 0000 and 0777 or a decimal value |
| between 0 and 511. YAML accepts |
| both octal and decimal values, |
| JSON requires decimal values for |
| mode bits. If not specified, the |
| volume defaultMode will be used. |
| This might be in conflict with |
| other options that affect the |
| file mode, like fsGroup, and the |
| result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the |
| relative path name of the file |
| to be created. Must not be absolute |
| or contain the ''..'' path. Must |
| be utf-8 encoded. The first item |
| of the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu and |
| requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container name: |
| required for volumes, optional |
| for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource |
| to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about the |
| secret data to project |
| properties: |
| items: |
| description: items if unspecified, each |
| key-value pair in the Data field of |
| the referenced Secret will be projected |
| into the volume as a file whose name |
| is the key and content is the value. |
| If specified, the listed keys will be |
| projected into the specified paths, |
| and unlisted keys will not be present. |
| If a key is specified which is not present |
| in the Secret, the volume setup will |
| error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a |
| path within a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 or |
| a decimal value between 0 and |
| 511. YAML accepts both octal and |
| decimal values, JSON requires |
| decimal values for mode bits. |
| If not specified, the volume defaultMode |
| will be used. This might be in |
| conflict with other options that |
| affect the file mode, like fsGroup, |
| and the result can be other mode |
| bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the key |
| to. May not be an absolute path. |
| May not contain the path element |
| '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify whether |
| the Secret or its key must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient of |
| a token must identify itself with an |
| identifier specified in the audience |
| of the token, and otherwise should reject |
| the token. The audience defaults to |
| the identifier of the apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is the |
| requested duration of validity of the |
| service account token. As the token |
| approaches expiration, the kubelet volume |
| plugin will proactively rotate the service |
| account token. The kubelet will start |
| trying to rotate the token if the token |
| is older than 80 percent of its time |
| to live or if the token is older than |
| 24 hours.Defaults to 1 hour and must |
| be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to project |
| the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount on the |
| host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to Default |
| is no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or multiple |
| Quobyte Registry services specified as a string |
| as host:port pair (multiple entries are separated |
| with commas) which acts as the central registry |
| for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte volume |
| in the Backend Used with dynamically provisioned |
| Quobyte volumes, value is set by the plugin |
| type: string |
| user: |
| description: user to map volume access to Defaults |
| to serivceaccount user |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device mount |
| on the host that shares a pod''s lifetime. More info: |
| https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type of the |
| volume that you want to mount. Tip: Ensure that |
| the filesystem type is supported by the host operating |
| system. Examples: "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. More |
| info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring for |
| RBDUser. Default is /etc/ceph/keyring. More info: |
| https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph monitors. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. More |
| info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides keyring. |
| Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Default |
| is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of the |
| ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of the |
| ScaleIO Protection Domain for the configured storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable SSL |
| communication with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the storage |
| for a volume should be ThickProvisioned or ThinProvisioned. |
| Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage system |
| as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that is |
| associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode bits |
| used to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 or |
| a decimal value between 0 and 511. YAML accepts |
| both octal and decimal values, JSON requires decimal |
| values for mode bits. Defaults to 0644. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options that |
| affect the file mode, like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file whose |
| name is the key and content is the value. If specified, |
| the listed keys will be projected into the specified |
| paths, and unlisted keys will not be present. |
| If a key is specified which is not present in |
| the Secret, the volume setup will error unless |
| it is marked optional. Paths must be relative |
| and may not contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. Must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. If |
| not specified, the volume defaultMode will |
| be used. This might be in conflict with |
| other options that affect the file mode, |
| like fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path of |
| the file to map the key to. May not be an |
| absolute path. May not contain the path |
| element '..'. May not start with the string |
| '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether the |
| Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the secret |
| in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret to use |
| for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable name |
| of the StorageOS volume. Volume names are only |
| unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will be |
| used. This allows the Kubernetes name scoping |
| to be mirrored within StorageOS for tighter integration. |
| Set VolumeName to any name to override the default |
| behaviour. Set to "default" if you are not using |
| namespaces within StorageOS. Namespaces that do |
| not pre-exist within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere volume |
| attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the host |
| operating system. Ex. "ext4", "xfs", "ntfs". Implicitly |
| inferred to be "ext4" if unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage Policy |
| Based Management (SPBM) profile ID associated |
| with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage Policy |
| Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| zookeeperPodPolicy: |
| description: Customization options for the Zookeeper Pod |
| properties: |
| affinity: |
| description: The scheduling constraints on pods. |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules |
| for the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node matches |
| the corresponding matchExpressions; the node(s) |
| with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term |
| matches all objects with implicit weight 0 |
| (i.e. it's a no-op). A null preferred scheduling |
| term matches no objects (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated |
| with the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist. Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist. Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching |
| the corresponding nodeSelectorTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to an update), the system |
| may or may not try to eventually evict the pod |
| from its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector |
| terms. The terms are ORed. |
| items: |
| description: A null or empty node selector |
| term matches no objects. The requirements |
| of them are ANDed. The TopologySelectorTerm |
| type implements a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector |
| requirements by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist. Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector |
| requirements by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: Represents a key's |
| relationship to a set of values. |
| Valid operators are In, NotIn, |
| Exists, DoesNotExist. Gt, and |
| Lt. |
| type: string |
| values: |
| description: An array of string |
| values. If the operator is In |
| or NotIn, the values array must |
| be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| If the operator is Gt or Lt, |
| the values array must have a |
| single element, which will be |
| interpreted as an integer. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules |
| (e.g. co-locate this pod in the same node, zone, |
| etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a |
| node that violates one or more of the expressions. |
| The node that is most preferred is the one with |
| the greatest sum of weights, i.e. for each node |
| that meets all of the scheduling requirements |
| (resource request, requiredDuringScheduling |
| affinity expressions, etc.), compute a sum by |
| iterating through the elements of this field |
| and adding "weight" to the sum if the node has |
| pods which matches the corresponding podAffinityTerm; |
| the node(s) with the highest sum are the most |
| preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, |
| the pod will not be scheduled onto the node. |
| If the affinity requirements specified by this |
| field cease to be met at some point during pod |
| execution (e.g. due to a pod label update), |
| the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling |
| rules (e.g. avoid putting this pod in the same node, |
| zone, etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the anti-affinity |
| expressions specified by this field, but it |
| may choose a node that violates one or more |
| of the expressions. The node that is most preferred |
| is the one with the greatest sum of weights, |
| i.e. for each node that meets all of the scheduling |
| requirements (resource request, requiredDuringScheduling |
| anti-affinity expressions, etc.), compute a |
| sum by iterating through the elements of this |
| field and adding "weight" to the sum if the |
| node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest |
| sum are the most preferred. |
| items: |
| description: The weights of all of the matched |
| WeightedPodAffinityTerm fields are added per-node |
| to find the most preferred node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set |
| of resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the |
| set of namespaces that the term applies |
| to. The term is applied to the union |
| of the namespaces selected by this |
| field and the ones listed in the namespaces |
| field. null selector and null or empty |
| namespaces list means "this pod's |
| namespace". An empty selector ({}) |
| matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a |
| static list of namespace names that |
| the term applies to. The term is applied |
| to the union of the namespaces listed |
| in this field and the ones selected |
| by namespaceSelector. null or empty |
| namespaces list and null namespaceSelector |
| means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where |
| co-located is defined as running on |
| a node whose value of the label with |
| key topologyKey matches that of any |
| node on which any of the selected |
| pods is running. Empty topologyKey |
| is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in |
| the range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements |
| specified by this field are not met at scheduling |
| time, the pod will not be scheduled onto the |
| node. If the anti-affinity requirements specified |
| by this field cease to be met at some point |
| during pod execution (e.g. due to a pod label |
| update), the system may or may not try to eventually |
| evict the pod from its node. When there are |
| multiple elements, the lists of nodes corresponding |
| to each podAffinityTerm are intersected, i.e. |
| all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the |
| given namespace(s)) that this pod should be |
| co-located (affinity) or not co-located (anti-affinity) |
| with, where co-located is defined as running |
| on a node whose value of the label with key |
| <topologyKey> matches that of any node on |
| which a pod of the set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations specifies the annotations to |
| attach to zookeeper pods creates. |
| type: object |
| env: |
| description: List of environment variables to set in the |
| main ZK container. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are |
| expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for |
| volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the |
| pod's namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| imagePullSecrets: |
| description: ImagePullSecrets is a list of references |
| to secrets in the same namespace to use for pulling |
| any images |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the |
| same namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, |
| uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels specifies the labels to attach to |
| pods the operator creates for the zookeeper cluster. |
| type: object |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: Node Selector to be added on pods. |
| type: object |
| resources: |
| description: Resources is the resource requirements for |
| the Zookeeper container. |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used by |
| this container. \n This is an alpha field and requires |
| enabling the DynamicResourceAllocation feature gate. |
| \n This field is immutable. It can only be set for |
| containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the Pod |
| where this field is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is omitted |
| for a container, it defaults to Limits if that is |
| explicitly specified, otherwise to an implementation-defined |
| value. Requests cannot exceed Limits. More info: |
| https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| securityContext: |
| description: 'SecurityContext specifies the security context |
| for the entire zookeeper pod More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context' |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies |
| to all containers in a pod. Some volume types allow |
| the Kubelet to change the ownership of that volume |
| to be owned by the pod: \n 1. The owning GID will |
| be the FSGroup 2. The setgid bit is set (new files |
| created in the volume will be owned by FSGroup) |
| 3. The permission bits are OR'd with rw-rw---- \n |
| If unset, the Kubelet will not modify the ownership |
| and permissions of any volume. Note that this field |
| cannot be set when spec.os.name is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior |
| of changing ownership and permission of the volume |
| before being exposed inside Pod. This field will |
| only apply to volume types which support fsGroup |
| based ownership(and permissions). It will have no |
| effect on ephemeral volume types such as: secret, |
| configmaps and emptydir. Valid values are "OnRootMismatch" |
| and "Always". If not specified, "Always" is used. |
| Note that this field cannot be set when spec.os.name |
| is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in SecurityContext. If set in both |
| SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence for |
| that container. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not |
| run as UID 0 (root) and fail to start the container |
| if it does. If unset or false, no such validation |
| will be performed. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified in |
| image metadata if unspecified. May also be set in |
| SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| all containers. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot |
| be set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set |
| when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file on |
| the node should be used. RuntimeDefault - the |
| container runtime default profile should be |
| used. Unconfined - no profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first |
| process run in each container, in addition to the |
| container's primary GID, the fsGroup (if specified), |
| and group memberships defined in the container image |
| for the uid of the container process. If unspecified, |
| no additional groups are added to any container. |
| Note that group memberships defined in the container |
| image for the uid of the container process are still |
| effective, even if they are not included in this |
| list. Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls |
| used for the pod. Pods with unsupported sysctls |
| (by the container runtime) might fail to launch. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| items: |
| description: Sysctl defines a kernel parameter to |
| be set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options within |
| a container's SecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, if |
| HostProcess is true then HostNetwork must also |
| be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the |
| entrypoint of the container process. Defaults |
| to the user specified in image metadata if unspecified. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| serviceAccountName: |
| description: Optional Service Account to run the zookeeper |
| pods under. |
| type: string |
| terminationGracePeriodSeconds: |
| description: TerminationGracePeriodSeconds is the amount |
| of time that kubernetes will give for a zookeeper pod |
| instance to shutdown normally. The default value is |
| 30. |
| format: int64 |
| minimum: 0 |
| type: integer |
| tolerations: |
| description: Tolerations to be added on pods. |
| items: |
| description: The pod this Toleration is attached to |
| tolerates any taint that matches the triple <key,value,effect> |
| using the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to |
| match. Empty means match all taint effects. When |
| specified, allowed values are NoSchedule, PreferNoSchedule |
| and NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration |
| applies to. Empty means match all taint keys. |
| If the key is empty, operator must be Exists; |
| this combination means to match all values and |
| all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship |
| to the value. Valid operators are Exists and Equal. |
| Defaults to Equal. Exists is equivalent to wildcard |
| for value, so that a pod can tolerate all taints |
| of a particular category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period |
| of time the toleration (which must be of effect |
| NoExecute, otherwise this field is ignored) tolerates |
| the taint. By default, it is not set, which means |
| tolerate the taint forever (do not evict). Zero |
| and negative values will be treated as 0 (evict |
| immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration |
| matches to. If the operator is Exists, the value |
| should be empty, otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: TopologySpreadConstraints to apply to the |
| pods |
| items: |
| description: TopologySpreadConstraint specifies how |
| to spread matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching |
| pods. Pods that match this label selector are |
| counted to determine the number of pods in their |
| corresponding topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are |
| ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, a key, |
| and an operator that relates the key and |
| values. |
| properties: |
| key: |
| description: key is the label key that |
| the selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's |
| relationship to a set of values. Valid |
| operators are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. This |
| array is replaced during a strategic |
| merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is |
| "In", and the values array contains only "value". |
| The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label |
| keys to select the pods over which spreading will |
| be calculated. The keys are used to lookup values |
| from the incoming pod labels, those key-value |
| labels are ANDed with labelSelector to select |
| the group of existing pods over which spreading |
| will be calculated for the incoming pod. The same |
| key is forbidden to exist in both MatchLabelKeys |
| and LabelSelector. MatchLabelKeys cannot be set |
| when LabelSelector isn't set. Keys that don't |
| exist in the incoming pod labels will be ignored. |
| A null or empty list means only match against |
| labelSelector. \n This is a beta field and requires |
| the MatchLabelKeysInPodTopologySpread feature |
| gate to be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which |
| pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between |
| the number of matching pods in the target topology |
| and the global minimum. The global minimum is |
| the minimum number of matching pods in an eligible |
| domain or zero if the number of eligible domains |
| is less than MinDomains. For example, in a 3-zone |
| cluster, MaxSkew is set to 1, and pods with the |
| same labelSelector spread as 2/2/1: In this case, |
| the global minimum is 1. | zone1 | zone2 | zone3 |
| | | P P | P P | P | - if MaxSkew is 1, |
| incoming pod can only be scheduled to zone3 to |
| become 2/2/2; scheduling it onto zone1(zone2) |
| would make the ActualSkew(3-1) on zone1(zone2) |
| violate MaxSkew(1). - if MaxSkew is 2, incoming |
| pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies |
| that satisfy it. It''s a required field. Default |
| value is 1 and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number |
| of eligible domains. When the number of eligible |
| domains with matching topology keys is less than |
| minDomains, Pod Topology Spread treats \"global |
| minimum\" as 0, and then the calculation of Skew |
| is performed. And when the number of eligible |
| domains with matching topology keys equals or |
| greater than minDomains, this value has no effect |
| on scheduling. As a result, when the number of |
| eligible domains is less than minDomains, scheduler |
| won't schedule more than maxSkew Pods to those |
| domains. If value is nil, the constraint behaves |
| as if MinDomains is equal to 1. Valid values are |
| integers greater than 0. When value is not nil, |
| WhenUnsatisfiable must be DoNotSchedule. \n For |
| example, in a 3-zone cluster, MaxSkew is set to |
| 2, MinDomains is set to 5 and pods with the same |
| labelSelector spread as 2/2/2: | zone1 | zone2 |
| | zone3 | | P P | P P | P P | The number |
| of domains is less than 5(MinDomains), so \"global |
| minimum\" is treated as 0. In this situation, |
| new pod with the same labelSelector cannot be |
| scheduled, because computed skew will be 3(3 - |
| 0) if new Pod is scheduled to any of the three |
| zones, it will violate MaxSkew. \n This is a beta |
| field and requires the MinDomainsInPodTopologySpread |
| feature gate to be enabled (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we |
| will treat Pod's nodeAffinity/nodeSelector when |
| calculating pod topology spread skew. Options |
| are: - Honor: only nodes matching nodeAffinity/nodeSelector |
| are included in the calculations. - Ignore: nodeAffinity/nodeSelector |
| are ignored. All nodes are included in the calculations. |
| \n If this value is nil, the behavior is equivalent |
| to the Honor policy. This is a beta-level feature |
| default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we |
| will treat node taints when calculating pod topology |
| spread skew. Options are: - Honor: nodes without |
| taints, along with tainted nodes for which the |
| incoming pod has a toleration, are included. - |
| Ignore: node taints are ignored. All nodes are |
| included. \n If this value is nil, the behavior |
| is equivalent to the Ignore policy. This is a |
| beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. |
| Nodes that have a label with this key and identical |
| values are considered to be in the same topology. |
| We consider each <key, value> as a "bucket", and |
| try to put balanced number of pods into each bucket. |
| We define a domain as a particular instance of |
| a topology. Also, we define an eligible domain |
| as a domain whose nodes meet the requirements |
| of nodeAffinityPolicy and nodeTaintsPolicy. e.g. |
| If TopologyKey is "kubernetes.io/hostname", each |
| Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is |
| a domain of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to |
| deal with a pod if it doesn''t satisfy the spread |
| constraint. - DoNotSchedule (default) tells the |
| scheduler not to schedule it. - ScheduleAnyway |
| tells the scheduler to schedule the pod in any |
| location, but giving higher precedence to topologies |
| that would help reduce the skew. A constraint |
| is considered "Unsatisfiable" for an incoming |
| pod if and only if every possible node assignment |
| for that pod would violate "MaxSkew" on some topology. |
| For example, in a 3-zone cluster, MaxSkew is set |
| to 1, and pods with the same labelSelector spread |
| as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | |
| If WhenUnsatisfiable is set to DoNotSchedule, |
| incoming pod can only be scheduled to zone2(zone3) |
| to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) |
| satisfies MaxSkew(1). In other words, the cluster |
| can still be imbalanced, but scheduler won''t |
| make it *more* imbalanced. It''s a required field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| type: object |
| type: object |
| type: object |
| type: object |
| status: |
| description: SolrCloudStatus defines the observed state of SolrCloud |
| properties: |
| backupRepositoriesAvailable: |
| additionalProperties: |
| type: boolean |
| description: BackupRepositoriesAvailable lists the backupRepositories |
| specified in the SolrCloud and whether they are available across |
| all Pods. |
| type: object |
| backupRestoreReady: |
| description: BackupRestoreReady announces whether the solrCloud has |
| the backupRestorePVC mounted to all pods and therefore is ready |
| for backups and restores. |
| type: boolean |
| externalCommonAddress: |
| description: ExternalCommonAddress is the external common http address |
| for all solr nodes. Will only be provided when an ingressUrl is |
| provided for the cloud |
| type: string |
| internalCommonAddress: |
| description: InternalCommonAddress is the internal common http address |
| for all solr nodes |
| type: string |
| podSelector: |
| description: PodSelector for SolrCloud pods, required by the HPA |
| type: string |
| readyReplicas: |
| default: 0 |
| description: ReadyReplicas is the number of ready pods in the cluster |
| format: int32 |
| minimum: 0 |
| type: integer |
| replicas: |
| default: 0 |
| description: Replicas is the number of pods created by the StatefulSet |
| format: int32 |
| minimum: 0 |
| type: integer |
| solrNodes: |
| description: SolrNodes contain the statuses of each solr node running |
| in this solr cloud. |
| items: |
| description: SolrNodeStatus is the status of a solrNode in the cloud, |
| with readiness status and internal and external addresses |
| properties: |
| externalAddress: |
| description: An address the node can be connected to from outside |
| of the Kube cluster Will only be provided when an ingressUrl |
| is provided for the cloud |
| type: string |
| internalAddress: |
| description: An address the node can be connected to from within |
| the Kube cluster |
| type: string |
| name: |
| description: The name of the pod running the node |
| type: string |
| nodeName: |
| description: The name of the Kubernetes Node which the pod is |
| running on |
| type: string |
| ready: |
| description: Is the node up and running |
| type: boolean |
| scheduledForDeletion: |
| description: This Solr Node pod is scheduled for deletion |
| type: boolean |
| specUpToDate: |
| description: This Solr Node pod is using the latest version |
| of solrcloud pod spec. |
| type: boolean |
| version: |
| description: The version of solr that the node is running |
| type: string |
| required: |
| - internalAddress |
| - name |
| - nodeName |
| - ready |
| - specUpToDate |
| - version |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| targetVersion: |
| description: The version of solr that the cloud is meant to be running. |
| Will only be provided when the cloud is migrating between versions |
| type: string |
| upToDateNodes: |
| default: 0 |
| description: UpToDateNodes is the number of Solr Node pods that are |
| running the latest pod spec |
| format: int32 |
| minimum: 0 |
| type: integer |
| version: |
| description: The version of solr that the cloud is running |
| type: string |
| zookeeperConnectionInfo: |
| description: ZookeeperConnectionInfo is the information on how to |
| connect to the used Zookeeper |
| properties: |
| acl: |
| description: ZooKeeper ACL to use when connecting with ZK. This |
| ACL should have ALL permission in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| chroot: |
| description: The ChRoot to connect solr at |
| type: string |
| externalConnectionString: |
| description: The connection string to connect to the ensemble |
| from outside of the Kubernetes cluster If external and no internal |
| connection string is provided, the external cnx string will |
| be used as the internal cnx string |
| type: string |
| internalConnectionString: |
| description: The connection string to connect to the ensemble |
| from within the Kubernetes cluster |
| type: string |
| readOnlyAcl: |
| description: ZooKeeper ACL to use when connecting with ZK for |
| reading operations. This ACL should have READ permission in |
| the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret that |
| contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that stores |
| the username and password for the ACL. This secret must |
| be in the same namespace as the solrCloud or prometheusExporter |
| is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret that |
| contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| type: object |
| required: |
| - internalCommonAddress |
| - podSelector |
| - readyReplicas |
| - replicas |
| - solrNodes |
| - upToDateNodes |
| - version |
| - zookeeperConnectionInfo |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| scale: |
| labelSelectorPath: .status.podSelector |
| specReplicasPath: .spec.replicas |
| statusReplicasPath: .status.readyReplicas |
| status: {} |
| --- |
| apiVersion: apiextensions.k8s.io/v1 |
| kind: CustomResourceDefinition |
| metadata: |
| annotations: |
| operator.solr.apache.org/version: v0.8.2-prerelease |
| argocd.argoproj.io/sync-options: Replace=true |
| controller-gen.kubebuilder.io/version: v0.10.0 |
| creationTimestamp: null |
| name: solrprometheusexporters.solr.apache.org |
| spec: |
| group: solr.apache.org |
| names: |
| kind: SolrPrometheusExporter |
| listKind: SolrPrometheusExporterList |
| plural: solrprometheusexporters |
| shortNames: |
| - solrmetrics |
| singular: solrprometheusexporter |
| scope: Namespaced |
| versions: |
| - additionalPrinterColumns: |
| - description: Whether the prometheus exporter is ready |
| jsonPath: .status.ready |
| name: Ready |
| type: boolean |
| - description: Scrape interval for metrics (in ms) |
| jsonPath: .spec.scrapeInterval |
| name: Scrape Interval |
| type: integer |
| - jsonPath: .metadata.creationTimestamp |
| name: Age |
| type: date |
| name: v1beta1 |
| schema: |
| openAPIV3Schema: |
| description: SolrPrometheusExporter is the Schema for the solrprometheusexporters |
| API |
| properties: |
| apiVersion: |
| description: 'APIVersion defines the versioned schema of this representation |
| of an object. Servers should convert recognized schemas to the latest |
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| type: string |
| kind: |
| description: 'Kind is a string value representing the REST resource this |
| object represents. Servers may infer this from the endpoint the client |
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| type: string |
| metadata: |
| type: object |
| spec: |
| description: SolrPrometheusExporterSpec defines the desired state of SolrPrometheusExporter |
| properties: |
| busyBoxImage: |
| description: An initContainer is needed to create a wrapper script |
| around the exporter entrypoint when TLS is enabled with the `spec.solrReference.solrTLS.mountedTLSDir` |
| option |
| properties: |
| imagePullSecret: |
| type: string |
| pullPolicy: |
| description: PullPolicy describes a policy for if/when to pull |
| a container image |
| type: string |
| repository: |
| type: string |
| tag: |
| type: string |
| type: object |
| customKubeOptions: |
| description: Provide custom options for kubernetes objects created |
| for the SolrPrometheusExporter. |
| properties: |
| configMapOptions: |
| description: ServiceOptions defines the custom options for the |
| solrPrometheusExporter ConfigMap. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the ConfigMap. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the ConfigMap. |
| type: object |
| providedConfigMap: |
| description: Name of a user provided ConfigMap in the same |
| namespace containing a custom solr.xml |
| type: string |
| type: object |
| deploymentOptions: |
| description: DeploymentOptions defines the custom options for |
| the solrPrometheusExporter Deployment. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Deployment. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Deployment. |
| type: object |
| type: object |
| podOptions: |
| description: SolrPodOptions defines the custom options for the |
| solrPrometheusExporter pods. |
| properties: |
| affinity: |
| description: The scheduling constraints on pods. |
| properties: |
| nodeAffinity: |
| description: Describes node affinity scheduling rules |
| for the pod. |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling affinity expressions, |
| etc.), compute a sum by iterating through the elements |
| of this field and adding "weight" to the sum if |
| the node matches the corresponding matchExpressions; |
| the node(s) with the highest sum are the most preferred. |
| items: |
| description: An empty preferred scheduling term |
| matches all objects with implicit weight 0 (i.e. |
| it's a no-op). A null preferred scheduling term |
| matches no objects (i.e. is also a no-op). |
| properties: |
| preference: |
| description: A node selector term, associated |
| with the corresponding weight. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| weight: |
| description: Weight associated with matching |
| the corresponding nodeSelectorTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - preference |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| affinity requirements specified by this field cease |
| to be met at some point during pod execution (e.g. |
| due to an update), the system may or may not try |
| to eventually evict the pod from its node. |
| properties: |
| nodeSelectorTerms: |
| description: Required. A list of node selector |
| terms. The terms are ORed. |
| items: |
| description: A null or empty node selector term |
| matches no objects. The requirements of them |
| are ANDed. The TopologySelectorTerm type implements |
| a subset of the NodeSelectorTerm. |
| properties: |
| matchExpressions: |
| description: A list of node selector requirements |
| by node's labels. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchFields: |
| description: A list of node selector requirements |
| by node's fields. |
| items: |
| description: A node selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: The label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: Represents a key's relationship |
| to a set of values. Valid operators |
| are In, NotIn, Exists, DoesNotExist. |
| Gt, and Lt. |
| type: string |
| values: |
| description: An array of string values. |
| If the operator is In or NotIn, |
| the values array must be non-empty. |
| If the operator is Exists or DoesNotExist, |
| the values array must be empty. |
| If the operator is Gt or Lt, the |
| values array must have a single |
| element, which will be interpreted |
| as an integer. This array is replaced |
| during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| required: |
| - nodeSelectorTerms |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| podAffinity: |
| description: Describes pod affinity scheduling rules (e.g. |
| co-locate this pod in the same node, zone, etc. as some |
| other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling affinity expressions, |
| etc.), compute a sum by iterating through the elements |
| of this field and adding "weight" to the sum if |
| the node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest sum |
| are the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| affinity requirements specified by this field cease |
| to be met at some point during pod execution (e.g. |
| due to a pod label update), the system may or may |
| not try to eventually evict the pod from its node. |
| When there are multiple elements, the lists of nodes |
| corresponding to each podAffinityTerm are intersected, |
| i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the given |
| namespace(s)) that this pod should be co-located |
| (affinity) or not co-located (anti-affinity) with, |
| where co-located is defined as running on a node |
| whose value of the label with key <topologyKey> |
| matches that of any node on which a pod of the |
| set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| podAntiAffinity: |
| description: Describes pod anti-affinity scheduling rules |
| (e.g. avoid putting this pod in the same node, zone, |
| etc. as some other pod(s)). |
| properties: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| description: The scheduler will prefer to schedule |
| pods to nodes that satisfy the anti-affinity expressions |
| specified by this field, but it may choose a node |
| that violates one or more of the expressions. The |
| node that is most preferred is the one with the |
| greatest sum of weights, i.e. for each node that |
| meets all of the scheduling requirements (resource |
| request, requiredDuringScheduling anti-affinity |
| expressions, etc.), compute a sum by iterating through |
| the elements of this field and adding "weight" to |
| the sum if the node has pods which matches the corresponding |
| podAffinityTerm; the node(s) with the highest sum |
| are the most preferred. |
| items: |
| description: The weights of all of the matched WeightedPodAffinityTerm |
| fields are added per-node to find the most preferred |
| node(s) |
| properties: |
| podAffinityTerm: |
| description: Required. A pod affinity term, |
| associated with the corresponding weight. |
| properties: |
| labelSelector: |
| description: A label query over a set of |
| resources, in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set |
| of namespaces that the term applies to. |
| The term is applied to the union of the |
| namespaces selected by this field and |
| the ones listed in the namespaces field. |
| null selector and null or empty namespaces |
| list means "this pod's namespace". An |
| empty selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The |
| requirements are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to a set |
| of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array |
| of string values. If the operator |
| is In or NotIn, the values array |
| must be non-empty. If the operator |
| is Exists or DoesNotExist, the |
| values array must be empty. |
| This array is replaced during |
| a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of |
| {key,value} pairs. A single {key,value} |
| in the matchLabels map is equivalent |
| to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are |
| ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static |
| list of namespace names that the term |
| applies to. The term is applied to the |
| union of the namespaces listed in this |
| field and the ones selected by namespaceSelector. |
| null or empty namespaces list and null |
| namespaceSelector means "this pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located |
| (affinity) or not co-located (anti-affinity) |
| with the pods matching the labelSelector |
| in the specified namespaces, where co-located |
| is defined as running on a node whose |
| value of the label with key topologyKey |
| matches that of any node on which any |
| of the selected pods is running. Empty |
| topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| weight: |
| description: weight associated with matching |
| the corresponding podAffinityTerm, in the |
| range 1-100. |
| format: int32 |
| type: integer |
| required: |
| - podAffinityTerm |
| - weight |
| type: object |
| type: array |
| requiredDuringSchedulingIgnoredDuringExecution: |
| description: If the anti-affinity requirements specified |
| by this field are not met at scheduling time, the |
| pod will not be scheduled onto the node. If the |
| anti-affinity requirements specified by this field |
| cease to be met at some point during pod execution |
| (e.g. due to a pod label update), the system may |
| or may not try to eventually evict the pod from |
| its node. When there are multiple elements, the |
| lists of nodes corresponding to each podAffinityTerm |
| are intersected, i.e. all terms must be satisfied. |
| items: |
| description: Defines a set of pods (namely those |
| matching the labelSelector relative to the given |
| namespace(s)) that this pod should be co-located |
| (affinity) or not co-located (anti-affinity) with, |
| where co-located is defined as running on a node |
| whose value of the label with key <topologyKey> |
| matches that of any node on which a pod of the |
| set of pods is running |
| properties: |
| labelSelector: |
| description: A label query over a set of resources, |
| in this case pods. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaceSelector: |
| description: A label query over the set of namespaces |
| that the term applies to. The term is applied |
| to the union of the namespaces selected by |
| this field and the ones listed in the namespaces |
| field. null selector and null or empty namespaces |
| list means "this pod's namespace". An empty |
| selector ({}) matches all namespaces. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list |
| of label selector requirements. The requirements |
| are ANDed. |
| items: |
| description: A label selector requirement |
| is a selector that contains values, |
| a key, and an operator that relates |
| the key and values. |
| properties: |
| key: |
| description: key is the label key |
| that the selector applies to. |
| type: string |
| operator: |
| description: operator represents a |
| key's relationship to a set of values. |
| Valid operators are In, NotIn, Exists |
| and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of |
| string values. If the operator is |
| In or NotIn, the values array must |
| be non-empty. If the operator is |
| Exists or DoesNotExist, the values |
| array must be empty. This array |
| is replaced during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator |
| is "In", and the values array contains |
| only "value". The requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| namespaces: |
| description: namespaces specifies a static list |
| of namespace names that the term applies to. |
| The term is applied to the union of the namespaces |
| listed in this field and the ones selected |
| by namespaceSelector. null or empty namespaces |
| list and null namespaceSelector means "this |
| pod's namespace". |
| items: |
| type: string |
| type: array |
| topologyKey: |
| description: This pod should be co-located (affinity) |
| or not co-located (anti-affinity) with the |
| pods matching the labelSelector in the specified |
| namespaces, where co-located is defined as |
| running on a node whose value of the label |
| with key topologyKey matches that of any node |
| on which any of the selected pods is running. |
| Empty topologyKey is not allowed. |
| type: string |
| required: |
| - topologyKey |
| type: object |
| type: array |
| type: object |
| type: object |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for pods. |
| type: object |
| defaultInitContainerResources: |
| description: DefaultInitContainerResources are the resource |
| requirements for the default init container(s) created by |
| the Solr Operator, if any are created. |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| envVars: |
| description: Additional environment variables to pass to the |
| default container. |
| items: |
| description: EnvVar represents an environment variable present |
| in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. Must |
| be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) are expanded |
| using the previously defined environment variables |
| in the container and any service environment variables. |
| If a variable cannot be resolved, the reference in |
| the input string will be unchanged. Double $$ are |
| reduced to a single $, which allows for escaping the |
| $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Defaults to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's value. |
| Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap or |
| its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: supports |
| metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, |
| `metadata.annotations[''<KEY>'']`, spec.nodeName, |
| spec.serviceAccountName, status.hostIP, status.podIP, |
| status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the FieldPath |
| is written in terms of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select in |
| the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, requests.cpu, |
| requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format of |
| the exposed resources, defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in the pod's |
| namespace |
| properties: |
| key: |
| description: The key of the secret to select |
| from. Must be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its |
| key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| imagePullSecrets: |
| description: ImagePullSecrets to apply to the pod. These are |
| for init/sidecarContainers in addition to the imagePullSecret |
| defined for the solr image. |
| items: |
| description: LocalObjectReference contains enough information |
| to let you locate the referenced object inside the same |
| namespace. |
| properties: |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| type: array |
| initContainers: |
| description: Additional init containers to run in the pod. |
| These will run along with the init container that sets up |
| the "solr.xml". |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for pods. |
| type: object |
| lifecycle: |
| description: Lifecycle for the main container |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after a |
| container is created. If the handler fails, the container |
| is terminated and restarted according to its restart |
| policy. Other management of the container blocks until |
| the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of this field |
| and lifecycle hooks will fail in runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before a container |
| is terminated due to an API request or management event |
| such as liveness/startup probe failure, preemption, |
| resource contention, etc. The handler is not called |
| if the container crashes or exits. The Pod''s termination |
| grace period countdown begins before the PreStop hook |
| is executed. Regardless of the outcome of the handler, |
| the container will eventually terminate within the Pod''s |
| termination grace period (unless delayed by finalizers). |
| Other management of the container blocks until the hook |
| completes or until the termination grace period is reached. |
| More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory |
| for the command is root ('/') in the container's |
| filesystem. The command is simply exec'd, it |
| is not run inside a shell, so traditional shell |
| instructions ('|', etc) won't work. To use a |
| shell, you need to explicitly call out to that |
| shell. Exit status of 0 is treated as live/healthy |
| and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to |
| perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the |
| host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of this field |
| and lifecycle hooks will fail in runtime when tcp |
| handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, |
| defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: Liveness probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| nodeSelector: |
| additionalProperties: |
| type: string |
| description: Node Selector to be added for the StatefulSet. |
| type: object |
| podSecurityContext: |
| description: PodSecurityContext is the security context for |
| the pod. |
| properties: |
| fsGroup: |
| description: "A special supplemental group that applies |
| to all containers in a pod. Some volume types allow |
| the Kubelet to change the ownership of that volume to |
| be owned by the pod: \n 1. The owning GID will be the |
| FSGroup 2. The setgid bit is set (new files created |
| in the volume will be owned by FSGroup) 3. The permission |
| bits are OR'd with rw-rw---- \n If unset, the Kubelet |
| will not modify the ownership and permissions of any |
| volume. Note that this field cannot be set when spec.os.name |
| is windows." |
| format: int64 |
| type: integer |
| fsGroupChangePolicy: |
| description: 'fsGroupChangePolicy defines behavior of |
| changing ownership and permission of the volume before |
| being exposed inside Pod. This field will only apply |
| to volume types which support fsGroup based ownership(and |
| permissions). It will have no effect on ephemeral volume |
| types such as: secret, configmaps and emptydir. Valid |
| values are "OnRootMismatch" and "Always". If not specified, |
| "Always" is used. Note that this field cannot be set |
| when spec.os.name is windows.' |
| type: string |
| runAsGroup: |
| description: The GID to run the entrypoint of the container |
| process. Uses runtime default if unset. May also be |
| set in SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run as |
| a non-root user. If true, the Kubelet will validate |
| the image at runtime to ensure that it does not run |
| as UID 0 (root) and fail to start the container if it |
| does. If unset or false, no such validation will be |
| performed. May also be set in SecurityContext. If set |
| in both SecurityContext and PodSecurityContext, the |
| value specified in SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the container |
| process. Defaults to user specified in image metadata |
| if unspecified. May also be set in SecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence |
| for that container. Note that this field cannot be set |
| when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to all |
| containers. If unspecified, the container runtime will |
| allocate a random SELinux context for each container. May |
| also be set in SecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence for that container. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that applies |
| to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that applies |
| to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that applies |
| to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that applies |
| to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by the containers |
| in this pod. Note that this field cannot be set when |
| spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. The |
| profile must be preconfigured on the node to work. |
| Must be a descending path, relative to the kubelet's |
| configured seccomp profile location. Must be set |
| if type is "Localhost". Must NOT be set for any |
| other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: \n Localhost |
| - a profile defined in a file on the node should |
| be used. RuntimeDefault - the container runtime |
| default profile should be used. Unconfined - no |
| profile should be applied." |
| type: string |
| required: |
| - type |
| type: object |
| supplementalGroups: |
| description: A list of groups applied to the first process |
| run in each container, in addition to the container's |
| primary GID, the fsGroup (if specified), and group memberships |
| defined in the container image for the uid of the container |
| process. If unspecified, no additional groups are added |
| to any container. Note that group memberships defined |
| in the container image for the uid of the container |
| process are still effective, even if they are not included |
| in this list. Note that this field cannot be set when |
| spec.os.name is windows. |
| items: |
| format: int64 |
| type: integer |
| type: array |
| sysctls: |
| description: Sysctls hold a list of namespaced sysctls |
| used for the pod. Pods with unsupported sysctls (by |
| the container runtime) might fail to launch. Note that |
| this field cannot be set when spec.os.name is windows. |
| items: |
| description: Sysctl defines a kernel parameter to be |
| set |
| properties: |
| name: |
| description: Name of a property to set |
| type: string |
| value: |
| description: Value of a property to set |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| windowsOptions: |
| description: The Windows specific settings applied to |
| all containers. If unspecified, the options within a |
| container's SecurityContext will be used. If set in |
| both SecurityContext and PodSecurityContext, the value |
| specified in SecurityContext takes precedence. Note |
| that this field cannot be set when spec.os.name is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the GMSA |
| admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential spec |
| named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name of |
| the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. All |
| of a Pod's containers must have the same effective |
| HostProcess value (it is not allowed to have a mix |
| of HostProcess containers and non-HostProcess containers). |
| In addition, if HostProcess is true then HostNetwork |
| must also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run the entrypoint |
| of the container process. Defaults to the user specified |
| in image metadata if unspecified. May also be set |
| in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in SecurityContext |
| takes precedence. |
| type: string |
| type: object |
| type: object |
| priorityClassName: |
| description: PriorityClassName for the pod |
| type: string |
| readinessProbe: |
| description: Readiness probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resources: |
| description: Resources is the resource requirements for the |
| default container. |
| properties: |
| claims: |
| description: "Claims lists the names of resources, defined |
| in spec.resourceClaims, that are used by this container. |
| \n This is an alpha field and requires enabling the |
| DynamicResourceAllocation feature gate. \n This field |
| is immutable. It can only be set for containers." |
| items: |
| description: ResourceClaim references one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one entry |
| in pod.spec.resourceClaims of the Pod where this |
| field is used. It makes that resource available |
| inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount of compute |
| resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount of |
| compute resources required. If Requests is omitted for |
| a container, it defaults to Limits if that is explicitly |
| specified, otherwise to an implementation-defined value. |
| Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| serviceAccountName: |
| description: Optional Service Account to run the pod under. |
| type: string |
| sidecarContainers: |
| description: Sidecar containers to run in the pod. These are |
| in addition to the Solr Container |
| items: |
| description: A single application container that you want |
| to run within a pod. |
| properties: |
| args: |
| description: 'Arguments to the entrypoint. The container |
| image''s CMD is used if this is not provided. Variable |
| references $(VAR_NAME) are expanded using the container''s |
| environment. If a variable cannot be resolved, the |
| reference in the input string will be unchanged. Double |
| $$ are reduced to a single $, which allows for escaping |
| the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce |
| the string literal "$(VAR_NAME)". Escaped references |
| will never be expanded, regardless of whether the |
| variable exists or not. Cannot be updated. More info: |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| command: |
| description: 'Entrypoint array. Not executed within |
| a shell. The container image''s ENTRYPOINT is used |
| if this is not provided. Variable references $(VAR_NAME) |
| are expanded using the container''s environment. If |
| a variable cannot be resolved, the reference in the |
| input string will be unchanged. Double $$ are reduced |
| to a single $, which allows for escaping the $(VAR_NAME) |
| syntax: i.e. "$$(VAR_NAME)" will produce the string |
| literal "$(VAR_NAME)". Escaped references will never |
| be expanded, regardless of whether the variable exists |
| or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' |
| items: |
| type: string |
| type: array |
| env: |
| description: List of environment variables to set in |
| the container. Cannot be updated. |
| items: |
| description: EnvVar represents an environment variable |
| present in a Container. |
| properties: |
| name: |
| description: Name of the environment variable. |
| Must be a C_IDENTIFIER. |
| type: string |
| value: |
| description: 'Variable references $(VAR_NAME) |
| are expanded using the previously defined environment |
| variables in the container and any service environment |
| variables. If a variable cannot be resolved, |
| the reference in the input string will be unchanged. |
| Double $$ are reduced to a single $, which allows |
| for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" |
| will produce the string literal "$(VAR_NAME)". |
| Escaped references will never be expanded, regardless |
| of whether the variable exists or not. Defaults |
| to "".' |
| type: string |
| valueFrom: |
| description: Source for the environment variable's |
| value. Cannot be used if value is not empty. |
| properties: |
| configMapKeyRef: |
| description: Selects a key of a ConfigMap. |
| properties: |
| key: |
| description: The key to select. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| fieldRef: |
| description: 'Selects a field of the pod: |
| supports metadata.name, metadata.namespace, |
| `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, |
| spec.nodeName, spec.serviceAccountName, |
| status.hostIP, status.podIP, status.podIPs.' |
| properties: |
| apiVersion: |
| description: Version of the schema the |
| FieldPath is written in terms of, defaults |
| to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to select |
| in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| resourceFieldRef: |
| description: 'Selects a resource of the container: |
| only resources limits and requests (limits.cpu, |
| limits.memory, limits.ephemeral-storage, |
| requests.cpu, requests.memory and requests.ephemeral-storage) |
| are currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output format |
| of the exposed resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| secretKeyRef: |
| description: Selects a key of a secret in |
| the pod's namespace |
| properties: |
| key: |
| description: The key of the secret to |
| select from. Must be a valid secret |
| key. |
| type: string |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret |
| or its key must be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| required: |
| - name |
| type: object |
| type: array |
| envFrom: |
| description: List of sources to populate environment |
| variables in the container. The keys defined within |
| a source must be a C_IDENTIFIER. All invalid keys |
| will be reported as an event when the container is |
| starting. When a key exists in multiple sources, the |
| value associated with the last source will take precedence. |
| Values defined by an Env with a duplicate key will |
| take precedence. Cannot be updated. |
| items: |
| description: EnvFromSource represents the source of |
| a set of ConfigMaps |
| properties: |
| configMapRef: |
| description: The ConfigMap to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the ConfigMap |
| must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| prefix: |
| description: An optional identifier to prepend |
| to each key in the ConfigMap. Must be a C_IDENTIFIER. |
| type: string |
| secretRef: |
| description: The Secret to select from |
| properties: |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| type: object |
| type: array |
| image: |
| description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images |
| This field is optional to allow higher level config |
| management to default or override container images |
| in workload controllers like Deployments and StatefulSets.' |
| type: string |
| imagePullPolicy: |
| description: 'Image pull policy. One of Always, Never, |
| IfNotPresent. Defaults to Always if :latest tag is |
| specified, or IfNotPresent otherwise. Cannot be updated. |
| More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' |
| type: string |
| lifecycle: |
| description: Actions that the management system should |
| take in response to container lifecycle events. Cannot |
| be updated. |
| properties: |
| postStart: |
| description: 'PostStart is called immediately after |
| a container is created. If the handler fails, |
| the container is terminated and restarted according |
| to its restart policy. Other management of the |
| container blocks until the hook completes. More |
| info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| preStop: |
| description: 'PreStop is called immediately before |
| a container is terminated due to an API request |
| or management event such as liveness/startup probe |
| failure, preemption, resource contention, etc. |
| The handler is not called if the container crashes |
| or exits. The Pod''s termination grace period |
| countdown begins before the PreStop hook is executed. |
| Regardless of the outcome of the handler, the |
| container will eventually terminate within the |
| Pod''s termination grace period (unless delayed |
| by finalizers). Other management of the container |
| blocks until the hook completes or until the termination |
| grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line |
| to execute inside the container, the working |
| directory for the command is root ('/') |
| in the container's filesystem. The command |
| is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions |
| ('|', etc) won't work. To use a shell, |
| you need to explicitly call out to that |
| shell. Exit status of 0 is treated as |
| live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set |
| "Host" in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the |
| request. HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. |
| This will be canonicalized upon |
| output, so case-variant names will |
| be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP |
| server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting |
| to the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| tcpSocket: |
| description: Deprecated. TCPSocket is NOT supported |
| as a LifecycleHandler and kept for the backward |
| compatibility. There are no validation of |
| this field and lifecycle hooks will fail in |
| runtime when tcp handler is specified. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port |
| to access on the container. Number must |
| be in the range 1 to 65535. Name must |
| be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| type: object |
| type: object |
| livenessProbe: |
| description: 'Periodic probe of container liveness. |
| Container will be restarted if the probe fails. Cannot |
| be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| name: |
| description: Name of the container specified as a DNS_LABEL. |
| Each container in a pod must have a unique name (DNS_LABEL). |
| Cannot be updated. |
| type: string |
| ports: |
| description: List of ports to expose from the container. |
| Not specifying a port here DOES NOT prevent that port |
| from being exposed. Any port which is listening on |
| the default "0.0.0.0" address inside a container will |
| be accessible from the network. Modifying this array |
| with strategic merge patch may corrupt the data. For |
| more information See https://github.com/kubernetes/kubernetes/issues/108255. |
| Cannot be updated. |
| items: |
| description: ContainerPort represents a network port |
| in a single container. |
| properties: |
| containerPort: |
| description: Number of port to expose on the pod's |
| IP address. This must be a valid port number, |
| 0 < x < 65536. |
| format: int32 |
| type: integer |
| hostIP: |
| description: What host IP to bind the external |
| port to. |
| type: string |
| hostPort: |
| description: Number of port to expose on the host. |
| If specified, this must be a valid port number, |
| 0 < x < 65536. If HostNetwork is specified, |
| this must match ContainerPort. Most containers |
| do not need this. |
| format: int32 |
| type: integer |
| name: |
| description: If specified, this must be an IANA_SVC_NAME |
| and unique within the pod. Each named port in |
| a pod must have a unique name. Name for the |
| port that can be referred to by services. |
| type: string |
| protocol: |
| default: TCP |
| description: Protocol for port. Must be UDP, TCP, |
| or SCTP. Defaults to "TCP". |
| type: string |
| required: |
| - containerPort |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - containerPort |
| - protocol |
| x-kubernetes-list-type: map |
| readinessProbe: |
| description: 'Periodic probe of container service readiness. |
| Container will be removed from service endpoints if |
| the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| resizePolicy: |
| description: Resources resize policy for the container. |
| items: |
| description: ContainerResizePolicy represents resource |
| resize policy for the container. |
| properties: |
| resourceName: |
| description: 'Name of the resource to which this |
| resource resize policy applies. Supported values: |
| cpu, memory.' |
| type: string |
| restartPolicy: |
| description: Restart policy to apply when specified |
| resource is resized. If not specified, it defaults |
| to NotRequired. |
| type: string |
| required: |
| - resourceName |
| - restartPolicy |
| type: object |
| type: array |
| x-kubernetes-list-type: atomic |
| resources: |
| description: 'Compute Resources required by this container. |
| Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| properties: |
| claims: |
| description: "Claims lists the names of resources, |
| defined in spec.resourceClaims, that are used |
| by this container. \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is immutable. It can |
| only be set for containers." |
| items: |
| description: ResourceClaim references one entry |
| in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match the name of one |
| entry in pod.spec.resourceClaims of the |
| Pod where this field is used. It makes that |
| resource available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the maximum amount |
| of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes the minimum amount |
| of compute resources required. If Requests is |
| omitted for a container, it defaults to Limits |
| if that is explicitly specified, otherwise to |
| an implementation-defined value. Requests cannot |
| exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| restartPolicy: |
| description: 'RestartPolicy defines the restart behavior |
| of individual containers in a pod. This field may |
| only be set for init containers, and the only allowed |
| value is "Always". For non-init containers or when |
| this field is not specified, the restart behavior |
| is defined by the Pod''s restart policy and the container |
| type. Setting the RestartPolicy as "Always" for the |
| init container will have the following effect: this |
| init container will be continually restarted on exit |
| until all regular containers have terminated. Once |
| all regular containers have completed, all init containers |
| with restartPolicy "Always" will be shut down. This |
| lifecycle differs from normal init containers and |
| is often referred to as a "sidecar" container. Although |
| this init container still starts in the init container |
| sequence, it does not wait for the container to complete |
| before proceeding to the next init container. Instead, |
| the next init container starts immediately after this |
| init container is started, or after any startupProbe |
| has successfully completed.' |
| type: string |
| securityContext: |
| description: 'SecurityContext defines the security options |
| the container should be run with. If set, the fields |
| of SecurityContext override the equivalent fields |
| of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' |
| properties: |
| allowPrivilegeEscalation: |
| description: 'AllowPrivilegeEscalation controls |
| whether a process can gain more privileges than |
| its parent process. This bool directly controls |
| if the no_new_privs flag will be set on the container |
| process. AllowPrivilegeEscalation is true always |
| when the container is: 1) run as Privileged 2) |
| has CAP_SYS_ADMIN Note that this field cannot |
| be set when spec.os.name is windows.' |
| type: boolean |
| capabilities: |
| description: The capabilities to add/drop when running |
| containers. Defaults to the default set of capabilities |
| granted by the container runtime. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| add: |
| description: Added capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| drop: |
| description: Removed capabilities |
| items: |
| description: Capability represent POSIX capabilities |
| type |
| type: string |
| type: array |
| type: object |
| privileged: |
| description: Run container in privileged mode. Processes |
| in privileged containers are essentially equivalent |
| to root on the host. Defaults to false. Note that |
| this field cannot be set when spec.os.name is |
| windows. |
| type: boolean |
| procMount: |
| description: procMount denotes the type of proc |
| mount to use for the containers. The default is |
| DefaultProcMount which uses the container runtime |
| defaults for readonly paths and masked paths. |
| This requires the ProcMountType feature flag to |
| be enabled. Note that this field cannot be set |
| when spec.os.name is windows. |
| type: string |
| readOnlyRootFilesystem: |
| description: Whether this container has a read-only |
| root filesystem. Default is false. Note that this |
| field cannot be set when spec.os.name is windows. |
| type: boolean |
| runAsGroup: |
| description: The GID to run the entrypoint of the |
| container process. Uses runtime default if unset. |
| May also be set in PodSecurityContext. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| format: int64 |
| type: integer |
| runAsNonRoot: |
| description: Indicates that the container must run |
| as a non-root user. If true, the Kubelet will |
| validate the image at runtime to ensure that it |
| does not run as UID 0 (root) and fail to start |
| the container if it does. If unset or false, no |
| such validation will be performed. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. |
| type: boolean |
| runAsUser: |
| description: The UID to run the entrypoint of the |
| container process. Defaults to user specified |
| in image metadata if unspecified. May also be |
| set in PodSecurityContext. If set in both SecurityContext |
| and PodSecurityContext, the value specified in |
| SecurityContext takes precedence. Note that this |
| field cannot be set when spec.os.name is windows. |
| format: int64 |
| type: integer |
| seLinuxOptions: |
| description: The SELinux context to be applied to |
| the container. If unspecified, the container runtime |
| will allocate a random SELinux context for each |
| container. May also be set in PodSecurityContext. If |
| set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is windows. |
| properties: |
| level: |
| description: Level is SELinux level label that |
| applies to the container. |
| type: string |
| role: |
| description: Role is a SELinux role label that |
| applies to the container. |
| type: string |
| type: |
| description: Type is a SELinux type label that |
| applies to the container. |
| type: string |
| user: |
| description: User is a SELinux user label that |
| applies to the container. |
| type: string |
| type: object |
| seccompProfile: |
| description: The seccomp options to use by this |
| container. If seccomp options are provided at |
| both the pod & container level, the container |
| options override the pod options. Note that this |
| field cannot be set when spec.os.name is windows. |
| properties: |
| localhostProfile: |
| description: localhostProfile indicates a profile |
| defined in a file on the node should be used. |
| The profile must be preconfigured on the node |
| to work. Must be a descending path, relative |
| to the kubelet's configured seccomp profile |
| location. Must be set if type is "Localhost". |
| Must NOT be set for any other type. |
| type: string |
| type: |
| description: "type indicates which kind of seccomp |
| profile will be applied. Valid options are: |
| \n Localhost - a profile defined in a file |
| on the node should be used. RuntimeDefault |
| - the container runtime default profile should |
| be used. Unconfined - no profile should be |
| applied." |
| type: string |
| required: |
| - type |
| type: object |
| windowsOptions: |
| description: The Windows specific settings applied |
| to all containers. If unspecified, the options |
| from the PodSecurityContext will be used. If set |
| in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes precedence. |
| Note that this field cannot be set when spec.os.name |
| is linux. |
| properties: |
| gmsaCredentialSpec: |
| description: GMSACredentialSpec is where the |
| GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) |
| inlines the contents of the GMSA credential |
| spec named by the GMSACredentialSpecName field. |
| type: string |
| gmsaCredentialSpecName: |
| description: GMSACredentialSpecName is the name |
| of the GMSA credential spec to use. |
| type: string |
| hostProcess: |
| description: HostProcess determines if a container |
| should be run as a 'Host Process' container. |
| All of a Pod's containers must have the same |
| effective HostProcess value (it is not allowed |
| to have a mix of HostProcess containers and |
| non-HostProcess containers). In addition, |
| if HostProcess is true then HostNetwork must |
| also be set to true. |
| type: boolean |
| runAsUserName: |
| description: The UserName in Windows to run |
| the entrypoint of the container process. Defaults |
| to the user specified in image metadata if |
| unspecified. May also be set in PodSecurityContext. |
| If set in both SecurityContext and PodSecurityContext, |
| the value specified in SecurityContext takes |
| precedence. |
| type: string |
| type: object |
| type: object |
| startupProbe: |
| description: 'StartupProbe indicates that the Pod has |
| successfully initialized. If specified, no other probes |
| are executed until this completes successfully. If |
| this probe fails, the Pod will be restarted, just |
| as if the livenessProbe failed. This can be used to |
| provide different probe parameters at the beginning |
| of a Pod''s lifecycle, when it might take a long time |
| to load data or warm a cache, than during steady-state |
| operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to |
| execute inside the container, the working |
| directory for the command is root ('/') in |
| the container's filesystem. The command is |
| simply exec'd, it is not run inside a shell, |
| so traditional shell instructions ('|', etc) |
| won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is |
| treated as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the |
| probe to be considered failed after having succeeded. |
| Defaults to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving |
| a GRPC port. |
| properties: |
| port: |
| description: Port number of the gRPC service. |
| Number must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service |
| to place in the gRPC HealthCheckRequest (see |
| https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request |
| to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults |
| to the pod IP. You probably want to set "Host" |
| in httpHeaders instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom |
| header to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This |
| will be canonicalized upon output, so |
| case-variant names will be understood |
| as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to |
| the host. Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container |
| has started before liveness probes are initiated. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the |
| probe. Default to 10 seconds. Minimum value is |
| 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the |
| probe to be considered successful after having |
| failed. Defaults to 1. Must be 1 for liveness |
| and startup. Minimum value is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving |
| a TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect |
| to, defaults to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range |
| 1 to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod |
| needs to terminate gracefully upon probe failure. |
| The grace period is the duration in seconds after |
| the processes running in the pod are sent a termination |
| signal and the time when the processes are forcibly |
| halted with a kill signal. Set this value longer |
| than the expected cleanup time for your process. |
| If this value is nil, the pod's terminationGracePeriodSeconds |
| will be used. Otherwise, this value overrides |
| the value provided by the pod spec. Value must |
| be non-negative integer. The value zero indicates |
| stop immediately via the kill signal (no opportunity |
| to shut down). This is a beta field and requires |
| enabling ProbeTerminationGracePeriod feature gate. |
| Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the |
| probe times out. Defaults to 1 second. Minimum |
| value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| stdin: |
| description: Whether this container should allocate |
| a buffer for stdin in the container runtime. If this |
| is not set, reads from stdin in the container will |
| always result in EOF. Default is false. |
| type: boolean |
| stdinOnce: |
| description: Whether the container runtime should close |
| the stdin channel after it has been opened by a single |
| attach. When stdin is true the stdin stream will remain |
| open across multiple attach sessions. If stdinOnce |
| is set to true, stdin is opened on container start, |
| is empty until the first client attaches to stdin, |
| and then remains open and accepts data until the client |
| disconnects, at which time stdin is closed and remains |
| closed until the container is restarted. If this flag |
| is false, a container processes that reads from stdin |
| will never receive an EOF. Default is false |
| type: boolean |
| terminationMessagePath: |
| description: 'Optional: Path at which the file to which |
| the container''s termination message will be written |
| is mounted into the container''s filesystem. Message |
| written is intended to be brief final status, such |
| as an assertion failure message. Will be truncated |
| by the node if greater than 4096 bytes. The total |
| message length across all containers will be limited |
| to 12kb. Defaults to /dev/termination-log. Cannot |
| be updated.' |
| type: string |
| terminationMessagePolicy: |
| description: Indicate how the termination message should |
| be populated. File will use the contents of terminationMessagePath |
| to populate the container status message on both success |
| and failure. FallbackToLogsOnError will use the last |
| chunk of container log output if the termination message |
| file is empty and the container exited with an error. |
| The log output is limited to 2048 bytes or 80 lines, |
| whichever is smaller. Defaults to File. Cannot be |
| updated. |
| type: string |
| tty: |
| description: Whether this container should allocate |
| a TTY for itself, also requires 'stdin' to be true. |
| Default is false. |
| type: boolean |
| volumeDevices: |
| description: volumeDevices is the list of block devices |
| to be used by the container. |
| items: |
| description: volumeDevice describes a mapping of a |
| raw block device within a container. |
| properties: |
| devicePath: |
| description: devicePath is the path inside of |
| the container that the device will be mapped |
| to. |
| type: string |
| name: |
| description: name must match the name of a persistentVolumeClaim |
| in the pod |
| type: string |
| required: |
| - devicePath |
| - name |
| type: object |
| type: array |
| volumeMounts: |
| description: Pod volumes to mount into the container's |
| filesystem. Cannot be updated. |
| items: |
| description: VolumeMount describes a mounting of a |
| Volume within a container. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which |
| the container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment |
| variable references $(VAR_NAME) are expanded |
| using the container's environment. Defaults |
| to "" (volume's root). SubPathExpr and SubPath |
| are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| type: array |
| workingDir: |
| description: Container's working directory. If not specified, |
| the container runtime's default will be used, which |
| might be configured in the container image. Cannot |
| be updated. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| startupProbe: |
| description: Startup probe parameters |
| properties: |
| exec: |
| description: Exec specifies the action to take. |
| properties: |
| command: |
| description: Command is the command line to execute |
| inside the container, the working directory for |
| the command is root ('/') in the container's filesystem. |
| The command is simply exec'd, it is not run inside |
| a shell, so traditional shell instructions ('|', |
| etc) won't work. To use a shell, you need to explicitly |
| call out to that shell. Exit status of 0 is treated |
| as live/healthy and non-zero is unhealthy. |
| items: |
| type: string |
| type: array |
| type: object |
| failureThreshold: |
| description: Minimum consecutive failures for the probe |
| to be considered failed after having succeeded. Defaults |
| to 3. Minimum value is 1. |
| format: int32 |
| type: integer |
| grpc: |
| description: GRPC specifies an action involving a GRPC |
| port. |
| properties: |
| port: |
| description: Port number of the gRPC service. Number |
| must be in the range 1 to 65535. |
| format: int32 |
| type: integer |
| service: |
| description: "Service is the name of the service to |
| place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). |
| \n If this is not specified, the default behavior |
| is defined by gRPC." |
| type: string |
| required: |
| - port |
| type: object |
| httpGet: |
| description: HTTPGet specifies the http request to perform. |
| properties: |
| host: |
| description: Host name to connect to, defaults to |
| the pod IP. You probably want to set "Host" in httpHeaders |
| instead. |
| type: string |
| httpHeaders: |
| description: Custom headers to set in the request. |
| HTTP allows repeated headers. |
| items: |
| description: HTTPHeader describes a custom header |
| to be used in HTTP probes |
| properties: |
| name: |
| description: The header field name. This will |
| be canonicalized upon output, so case-variant |
| names will be understood as the same header. |
| type: string |
| value: |
| description: The header field value |
| type: string |
| required: |
| - name |
| - value |
| type: object |
| type: array |
| path: |
| description: Path to access on the HTTP server. |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Name or number of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| scheme: |
| description: Scheme to use for connecting to the host. |
| Defaults to HTTP. |
| type: string |
| required: |
| - port |
| type: object |
| initialDelaySeconds: |
| description: 'Number of seconds after the container has |
| started before liveness probes are initiated. More info: |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| periodSeconds: |
| description: How often (in seconds) to perform the probe. |
| Default to 10 seconds. Minimum value is 1. |
| format: int32 |
| type: integer |
| successThreshold: |
| description: Minimum consecutive successes for the probe |
| to be considered successful after having failed. Defaults |
| to 1. Must be 1 for liveness and startup. Minimum value |
| is 1. |
| format: int32 |
| type: integer |
| tcpSocket: |
| description: TCPSocket specifies an action involving a |
| TCP port. |
| properties: |
| host: |
| description: 'Optional: Host name to connect to, defaults |
| to the pod IP.' |
| type: string |
| port: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Number or name of the port to access |
| on the container. Number must be in the range 1 |
| to 65535. Name must be an IANA_SVC_NAME. |
| x-kubernetes-int-or-string: true |
| required: |
| - port |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs |
| to terminate gracefully upon probe failure. The grace |
| period is the duration in seconds after the processes |
| running in the pod are sent a termination signal and |
| the time when the processes are forcibly halted with |
| a kill signal. Set this value longer than the expected |
| cleanup time for your process. If this value is nil, |
| the pod's terminationGracePeriodSeconds will be used. |
| Otherwise, this value overrides the value provided by |
| the pod spec. Value must be non-negative integer. The |
| value zero indicates stop immediately via the kill signal |
| (no opportunity to shut down). This is a beta field |
| and requires enabling ProbeTerminationGracePeriod feature |
| gate. Minimum value is 1. spec.terminationGracePeriodSeconds |
| is used if unset. |
| format: int64 |
| type: integer |
| timeoutSeconds: |
| description: 'Number of seconds after which the probe |
| times out. Defaults to 1 second. Minimum value is 1. |
| More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' |
| format: int32 |
| type: integer |
| type: object |
| terminationGracePeriodSeconds: |
| description: Optional duration in seconds the pod needs to |
| terminate gracefully. |
| format: int64 |
| minimum: 10 |
| type: integer |
| tolerations: |
| description: Tolerations to be added for the StatefulSet. |
| items: |
| description: The pod this Toleration is attached to tolerates |
| any taint that matches the triple <key,value,effect> using |
| the matching operator <operator>. |
| properties: |
| effect: |
| description: Effect indicates the taint effect to match. |
| Empty means match all taint effects. When specified, |
| allowed values are NoSchedule, PreferNoSchedule and |
| NoExecute. |
| type: string |
| key: |
| description: Key is the taint key that the toleration |
| applies to. Empty means match all taint keys. If the |
| key is empty, operator must be Exists; this combination |
| means to match all values and all keys. |
| type: string |
| operator: |
| description: Operator represents a key's relationship |
| to the value. Valid operators are Exists and Equal. |
| Defaults to Equal. Exists is equivalent to wildcard |
| for value, so that a pod can tolerate all taints of |
| a particular category. |
| type: string |
| tolerationSeconds: |
| description: TolerationSeconds represents the period |
| of time the toleration (which must be of effect NoExecute, |
| otherwise this field is ignored) tolerates the taint. |
| By default, it is not set, which means tolerate the |
| taint forever (do not evict). Zero and negative values |
| will be treated as 0 (evict immediately) by the system. |
| format: int64 |
| type: integer |
| value: |
| description: Value is the taint value the toleration |
| matches to. If the operator is Exists, the value should |
| be empty, otherwise just a regular string. |
| type: string |
| type: object |
| type: array |
| topologySpreadConstraints: |
| description: "Optional PodSpreadTopologyConstraints to use |
| when scheduling pods. More information here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
| \n Note: There is no need to provide a \"labelSelector\", |
| as the operator will inject the labels for you if not provided." |
| items: |
| description: TopologySpreadConstraint specifies how to spread |
| matching pods among the given topology. |
| properties: |
| labelSelector: |
| description: LabelSelector is used to find matching |
| pods. Pods that match this label selector are counted |
| to determine the number of pods in their corresponding |
| topology domain. |
| properties: |
| matchExpressions: |
| description: matchExpressions is a list of label |
| selector requirements. The requirements are ANDed. |
| items: |
| description: A label selector requirement is a |
| selector that contains values, a key, and an |
| operator that relates the key and values. |
| properties: |
| key: |
| description: key is the label key that the |
| selector applies to. |
| type: string |
| operator: |
| description: operator represents a key's relationship |
| to a set of values. Valid operators are |
| In, NotIn, Exists and DoesNotExist. |
| type: string |
| values: |
| description: values is an array of string |
| values. If the operator is In or NotIn, |
| the values array must be non-empty. If the |
| operator is Exists or DoesNotExist, the |
| values array must be empty. This array is |
| replaced during a strategic merge patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map of {key,value} |
| pairs. A single {key,value} in the matchLabels |
| map is equivalent to an element of matchExpressions, |
| whose key field is "key", the operator is "In", |
| and the values array contains only "value". The |
| requirements are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| matchLabelKeys: |
| description: "MatchLabelKeys is a set of pod label keys |
| to select the pods over which spreading will be calculated. |
| The keys are used to lookup values from the incoming |
| pod labels, those key-value labels are ANDed with |
| labelSelector to select the group of existing pods |
| over which spreading will be calculated for the incoming |
| pod. The same key is forbidden to exist in both MatchLabelKeys |
| and LabelSelector. MatchLabelKeys cannot be set when |
| LabelSelector isn't set. Keys that don't exist in |
| the incoming pod labels will be ignored. A null or |
| empty list means only match against labelSelector. |
| \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread |
| feature gate to be enabled (enabled by default)." |
| items: |
| type: string |
| type: array |
| x-kubernetes-list-type: atomic |
| maxSkew: |
| description: 'MaxSkew describes the degree to which |
| pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, |
| it is the maximum permitted difference between the |
| number of matching pods in the target topology and |
| the global minimum. The global minimum is the minimum |
| number of matching pods in an eligible domain or zero |
| if the number of eligible domains is less than MinDomains. |
| For example, in a 3-zone cluster, MaxSkew is set to |
| 1, and pods with the same labelSelector spread as |
| 2/2/1: In this case, the global minimum is 1. | zone1 |
| | zone2 | zone3 | | P P | P P | P | - if MaxSkew |
| is 1, incoming pod can only be scheduled to zone3 |
| to become 2/2/2; scheduling it onto zone1(zone2) would |
| make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). |
| - if MaxSkew is 2, incoming pod can be scheduled onto |
| any zone. When `whenUnsatisfiable=ScheduleAnyway`, |
| it is used to give higher precedence to topologies |
| that satisfy it. It''s a required field. Default value |
| is 1 and 0 is not allowed.' |
| format: int32 |
| type: integer |
| minDomains: |
| description: "MinDomains indicates a minimum number |
| of eligible domains. When the number of eligible domains |
| with matching topology keys is less than minDomains, |
| Pod Topology Spread treats \"global minimum\" as 0, |
| and then the calculation of Skew is performed. And |
| when the number of eligible domains with matching |
| topology keys equals or greater than minDomains, this |
| value has no effect on scheduling. As a result, when |
| the number of eligible domains is less than minDomains, |
| scheduler won't schedule more than maxSkew Pods to |
| those domains. If value is nil, the constraint behaves |
| as if MinDomains is equal to 1. Valid values are integers |
| greater than 0. When value is not nil, WhenUnsatisfiable |
| must be DoNotSchedule. \n For example, in a 3-zone |
| cluster, MaxSkew is set to 2, MinDomains is set to |
| 5 and pods with the same labelSelector spread as 2/2/2: |
| | zone1 | zone2 | zone3 | | P P | P P | P P | |
| The number of domains is less than 5(MinDomains), |
| so \"global minimum\" is treated as 0. In this situation, |
| new pod with the same labelSelector cannot be scheduled, |
| because computed skew will be 3(3 - 0) if new Pod |
| is scheduled to any of the three zones, it will violate |
| MaxSkew. \n This is a beta field and requires the |
| MinDomainsInPodTopologySpread feature gate to be enabled |
| (enabled by default)." |
| format: int32 |
| type: integer |
| nodeAffinityPolicy: |
| description: "NodeAffinityPolicy indicates how we will |
| treat Pod's nodeAffinity/nodeSelector when calculating |
| pod topology spread skew. Options are: - Honor: only |
| nodes matching nodeAffinity/nodeSelector are included |
| in the calculations. - Ignore: nodeAffinity/nodeSelector |
| are ignored. All nodes are included in the calculations. |
| \n If this value is nil, the behavior is equivalent |
| to the Honor policy. This is a beta-level feature |
| default enabled by the NodeInclusionPolicyInPodTopologySpread |
| feature flag." |
| type: string |
| nodeTaintsPolicy: |
| description: "NodeTaintsPolicy indicates how we will |
| treat node taints when calculating pod topology spread |
| skew. Options are: - Honor: nodes without taints, |
| along with tainted nodes for which the incoming pod |
| has a toleration, are included. - Ignore: node taints |
| are ignored. All nodes are included. \n If this value |
| is nil, the behavior is equivalent to the Ignore policy. |
| This is a beta-level feature default enabled by the |
| NodeInclusionPolicyInPodTopologySpread feature flag." |
| type: string |
| topologyKey: |
| description: TopologyKey is the key of node labels. |
| Nodes that have a label with this key and identical |
| values are considered to be in the same topology. |
| We consider each <key, value> as a "bucket", and try |
| to put balanced number of pods into each bucket. We |
| define a domain as a particular instance of a topology. |
| Also, we define an eligible domain as a domain whose |
| nodes meet the requirements of nodeAffinityPolicy |
| and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", |
| each Node is a domain of that topology. And, if TopologyKey |
| is "topology.kubernetes.io/zone", each zone is a domain |
| of that topology. It's a required field. |
| type: string |
| whenUnsatisfiable: |
| description: 'WhenUnsatisfiable indicates how to deal |
| with a pod if it doesn''t satisfy the spread constraint. |
| - DoNotSchedule (default) tells the scheduler not |
| to schedule it. - ScheduleAnyway tells the scheduler |
| to schedule the pod in any location, but giving higher |
| precedence to topologies that would help reduce the |
| skew. A constraint is considered "Unsatisfiable" for |
| an incoming pod if and only if every possible node |
| assignment for that pod would violate "MaxSkew" on |
| some topology. For example, in a 3-zone cluster, MaxSkew |
| is set to 1, and pods with the same labelSelector |
| spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P |
| | P | P | If WhenUnsatisfiable is set to DoNotSchedule, |
| incoming pod can only be scheduled to zone2(zone3) |
| to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) |
| satisfies MaxSkew(1). In other words, the cluster |
| can still be imbalanced, but scheduler won''t make |
| it *more* imbalanced. It''s a required field.' |
| type: string |
| required: |
| - maxSkew |
| - topologyKey |
| - whenUnsatisfiable |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - topologyKey |
| - whenUnsatisfiable |
| x-kubernetes-list-type: map |
| volumes: |
| description: Additional non-data volumes to load into the |
| default container. |
| items: |
| description: AdditionalVolume provides information on additional |
| volumes that should be loaded into pods |
| properties: |
| defaultContainerMount: |
| description: DefaultContainerMount defines how to mount |
| this volume into the default container. If this volume |
| is to be used only with sidecar or non-default init |
| containers, then this option is not necessary. |
| properties: |
| mountPath: |
| description: Path within the container at which |
| the volume should be mounted. Must not contain |
| ':'. |
| type: string |
| mountPropagation: |
| description: mountPropagation determines how mounts |
| are propagated from the host to container and |
| the other way around. When not set, MountPropagationNone |
| is used. This field is beta in 1.10. |
| type: string |
| name: |
| description: This must match the Name of a Volume. |
| type: string |
| readOnly: |
| description: Mounted read-only if true, read-write |
| otherwise (false or unspecified). Defaults to |
| false. |
| type: boolean |
| subPath: |
| description: Path within the volume from which the |
| container's volume should be mounted. Defaults |
| to "" (volume's root). |
| type: string |
| subPathExpr: |
| description: Expanded path within the volume from |
| which the container's volume should be mounted. |
| Behaves similarly to SubPath but environment variable |
| references $(VAR_NAME) are expanded using the |
| container's environment. Defaults to "" (volume's |
| root). SubPathExpr and SubPath are mutually exclusive. |
| type: string |
| required: |
| - mountPath |
| - name |
| type: object |
| name: |
| description: Name of the volume |
| type: string |
| source: |
| description: Source is the source of the Volume to be |
| loaded into the solrCloud Pod |
| properties: |
| awsElasticBlockStore: |
| description: 'awsElasticBlockStore represents an |
| AWS Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty).' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly value true will force |
| the readOnly setting in VolumeMounts. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: boolean |
| volumeID: |
| description: 'volumeID is unique ID of the persistent |
| disk resource in AWS (Amazon EBS volume). |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' |
| type: string |
| required: |
| - volumeID |
| type: object |
| azureDisk: |
| description: azureDisk represents an Azure Data |
| Disk mount on the host and bind mount to the pod. |
| properties: |
| cachingMode: |
| description: 'cachingMode is the Host Caching |
| mode: None, Read Only, Read Write.' |
| type: string |
| diskName: |
| description: diskName is the Name of the data |
| disk in the blob storage |
| type: string |
| diskURI: |
| description: diskURI is the URI of data disk |
| in the blob storage |
| type: string |
| fsType: |
| description: fsType is Filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| kind: |
| description: 'kind expected values are Shared: |
| multiple blob disks per storage account Dedicated: |
| single blob disk per storage account Managed: |
| azure managed data disk (only in managed availability |
| set). defaults to shared' |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| required: |
| - diskName |
| - diskURI |
| type: object |
| azureFile: |
| description: azureFile represents an Azure File |
| Service mount on the host and bind mount to the |
| pod. |
| properties: |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretName: |
| description: secretName is the name of secret |
| that contains Azure Storage Account Name and |
| Key |
| type: string |
| shareName: |
| description: shareName is the azure share Name |
| type: string |
| required: |
| - secretName |
| - shareName |
| type: object |
| cephfs: |
| description: cephFS represents a Ceph FS mount on |
| the host that shares a pod's lifetime |
| properties: |
| monitors: |
| description: 'monitors is Required: Monitors |
| is a collection of Ceph monitors More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| path: |
| description: 'path is Optional: Used as the |
| mounted root, rather than the full Ceph tree, |
| default is /' |
| type: string |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts. |
| More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: boolean |
| secretFile: |
| description: 'secretFile is Optional: SecretFile |
| is the path to key ring for User, default |
| is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| secretRef: |
| description: 'secretRef is Optional: SecretRef |
| is reference to the authentication secret |
| for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is optional: User is the |
| rados user name, default is admin More info: |
| https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' |
| type: string |
| required: |
| - monitors |
| type: object |
| cinder: |
| description: 'cinder represents a cinder volume |
| attached and mounted on kubelets host machine. |
| More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| readOnly: |
| description: 'readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: boolean |
| secretRef: |
| description: 'secretRef is optional: points |
| to a secret object containing parameters used |
| to connect to OpenStack.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeID: |
| description: 'volumeID used to identify the |
| volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' |
| type: string |
| required: |
| - volumeID |
| type: object |
| configMap: |
| description: configMap represents a configMap that |
| should populate this volume |
| properties: |
| defaultMode: |
| description: 'defaultMode is optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items if unspecified, each key-value |
| pair in the Data field of the referenced ConfigMap |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the ConfigMap, the |
| volume setup will error unless it is marked |
| optional. Paths must be relative and may not |
| contain the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. More info: |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether the ConfigMap |
| or its keys must be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| csi: |
| description: csi (Container Storage Interface) represents |
| ephemeral storage that is handled by certain external |
| CSI drivers (Beta feature). |
| properties: |
| driver: |
| description: driver is the name of the CSI driver |
| that handles this volume. Consult with your |
| admin for the correct name as registered in |
| the cluster. |
| type: string |
| fsType: |
| description: fsType to mount. Ex. "ext4", "xfs", |
| "ntfs". If not provided, the empty value is |
| passed to the associated CSI driver which |
| will determine the default filesystem to apply. |
| type: string |
| nodePublishSecretRef: |
| description: nodePublishSecretRef is a reference |
| to the secret object containing sensitive |
| information to pass to the CSI driver to complete |
| the CSI NodePublishVolume and NodeUnpublishVolume |
| calls. This field is optional, and may be |
| empty if no secret is required. If the secret |
| object contains more than one secret, all |
| secret references are passed. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| readOnly: |
| description: readOnly specifies a read-only |
| configuration for the volume. Defaults to |
| false (read/write). |
| type: boolean |
| volumeAttributes: |
| additionalProperties: |
| type: string |
| description: volumeAttributes stores driver-specific |
| properties that are passed to the CSI driver. |
| Consult your driver's documentation for supported |
| values. |
| type: object |
| required: |
| - driver |
| type: object |
| downwardAPI: |
| description: downwardAPI represents downward API |
| about the pod that should populate this volume |
| properties: |
| defaultMode: |
| description: 'Optional: mode bits to use on |
| created files by default. Must be a Optional: |
| mode bits used to set permissions on created |
| files by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: Items is a list of downward API |
| volume file |
| items: |
| description: DownwardAPIVolumeFile represents |
| information to create the file containing |
| the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects a field |
| of the pod: only annotations, labels, |
| name and namespace are supported.' |
| properties: |
| apiVersion: |
| description: Version of the schema |
| the FieldPath is written in terms |
| of, defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the field to |
| select in the specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode bits used |
| to set permissions on this file, must |
| be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. |
| YAML accepts both octal and decimal |
| values, JSON requires decimal values |
| for mode bits. If not specified, the |
| volume defaultMode will be used. This |
| might be in conflict with other options |
| that affect the file mode, like fsGroup, |
| and the result can be other mode bits |
| set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path is the relative |
| path name of the file to be created. |
| Must not be absolute or contain the |
| ''..'' path. Must be utf-8 encoded. |
| The first item of the relative path |
| must not start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource of the |
| container: only resources limits and |
| requests (limits.cpu, limits.memory, |
| requests.cpu and requests.memory) are |
| currently supported.' |
| properties: |
| containerName: |
| description: 'Container name: required |
| for volumes, optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the output |
| format of the exposed resources, |
| defaults to "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: resource to |
| select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| emptyDir: |
| description: 'emptyDir represents a temporary directory |
| that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| properties: |
| medium: |
| description: 'medium represents what type of |
| storage medium should back this directory. |
| The default is "" which means to use the node''s |
| default medium. Must be an empty string (default) |
| or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| type: string |
| sizeLimit: |
| anyOf: |
| - type: integer |
| - type: string |
| description: 'sizeLimit is the total amount |
| of local storage required for this EmptyDir |
| volume. The size limit is also applicable |
| for memory medium. The maximum usage on memory |
| medium EmptyDir would be the minimum value |
| between the SizeLimit specified here and the |
| sum of memory limits of all containers in |
| a pod. The default is nil which means that |
| the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| type: object |
| ephemeral: |
| description: "ephemeral represents a volume that |
| is handled by a cluster storage driver. The volume's |
| lifecycle is tied to the pod that defines it - |
| it will be created before the pod starts, and |
| deleted when the pod is removed. \n Use this if: |
| a) the volume is only needed while the pod runs, |
| b) features of normal volumes like restoring from |
| snapshot or capacity tracking are needed, c) the |
| storage driver is specified through a storage |
| class, and d) the storage driver supports dynamic |
| volume provisioning through a PersistentVolumeClaim |
| (see EphemeralVolumeSource for more information |
| on the connection between this volume type and |
| PersistentVolumeClaim). \n Use PersistentVolumeClaim |
| or one of the vendor-specific APIs for volumes |
| that persist for longer than the lifecycle of |
| an individual pod. \n Use CSI for light-weight |
| local ephemeral volumes if the CSI driver is meant |
| to be used that way - see the documentation of |
| the driver for more information. \n A pod can |
| use both types of ephemeral volumes and persistent |
| volumes at the same time." |
| properties: |
| volumeClaimTemplate: |
| description: "Will be used to create a stand-alone |
| PVC to provision the volume. The pod in which |
| this EphemeralVolumeSource is embedded will |
| be the owner of the PVC, i.e. the PVC will |
| be deleted together with the pod. The name |
| of the PVC will be `<pod name>-<volume name>` |
| where `<volume name>` is the name from the |
| `PodSpec.Volumes` array entry. Pod validation |
| will reject the pod if the concatenated name |
| is not valid for a PVC (for example, too long). |
| \n An existing PVC with that name that is |
| not owned by the pod will *not* be used for |
| the pod to avoid using an unrelated volume |
| by mistake. Starting the pod is then blocked |
| until the unrelated PVC is removed. If such |
| a pre-created PVC is meant to be used by the |
| pod, the PVC has to updated with an owner |
| reference to the pod once the pod exists. |
| Normally this should not be necessary, but |
| it may be useful when manually reconstructing |
| a broken cluster. \n This field is read-only |
| and no changes will be made by Kubernetes |
| to the PVC after it has been created. \n Required, |
| must not be nil." |
| properties: |
| metadata: |
| description: May contain labels and annotations |
| that will be copied into the PVC when |
| creating it. No other fields are allowed |
| and will be rejected during validation. |
| type: object |
| spec: |
| description: The specification for the PersistentVolumeClaim. |
| The entire content is copied unchanged |
| into the PVC that gets created from this |
| template. The same fields as in a PersistentVolumeClaim |
| are also valid here. |
| properties: |
| accessModes: |
| description: 'accessModes contains the |
| desired access modes the volume should |
| have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' |
| items: |
| type: string |
| type: array |
| dataSource: |
| description: 'dataSource field can be |
| used to specify either: * An existing |
| VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) |
| * An existing PVC (PersistentVolumeClaim) |
| If the provisioner or an external |
| controller can support the specified |
| data source, it will create a new |
| volume based on the contents of the |
| specified data source. When the AnyVolumeDataSource |
| feature gate is enabled, dataSource |
| contents will be copied to dataSourceRef, |
| and dataSourceRef contents will be |
| copied to dataSource when dataSourceRef.namespace |
| is not specified. If the namespace |
| is specified, then dataSourceRef will |
| not be copied to dataSource.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| x-kubernetes-map-type: atomic |
| dataSourceRef: |
| description: 'dataSourceRef specifies |
| the object from which to populate |
| the volume with data, if a non-empty |
| volume is desired. This may be any |
| object from a non-empty API group |
| (non core object) or a PersistentVolumeClaim |
| object. When this field is specified, |
| volume binding will only succeed if |
| the type of the specified object matches |
| some installed volume populator or |
| dynamic provisioner. This field will |
| replace the functionality of the dataSource |
| field and as such if both fields are |
| non-empty, they must have the same |
| value. For backwards compatibility, |
| when namespace isn''t specified in |
| dataSourceRef, both fields (dataSource |
| and dataSourceRef) will be set to |
| the same value automatically if one |
| of them is empty and the other is |
| non-empty. When namespace is specified |
| in dataSourceRef, dataSource isn''t |
| set to the same value and must be |
| empty. There are three important differences |
| between dataSource and dataSourceRef: |
| * While dataSource only allows two |
| specific types of objects, dataSourceRef |
| allows any non-core object, as well |
| as PersistentVolumeClaim objects. |
| * While dataSource ignores disallowed |
| values (dropping them), dataSourceRef |
| preserves all values, and generates |
| an error if a disallowed value is |
| specified. * While dataSource only |
| allows local objects, dataSourceRef |
| allows objects in any namespaces. |
| (Beta) Using this field requires the |
| AnyVolumeDataSource feature gate to |
| be enabled. (Alpha) Using the namespace |
| field of dataSourceRef requires the |
| CrossNamespaceVolumeDataSource feature |
| gate to be enabled.' |
| properties: |
| apiGroup: |
| description: APIGroup is the group |
| for the resource being referenced. |
| If APIGroup is not specified, |
| the specified Kind must be in |
| the core API group. For any other |
| third-party types, APIGroup is |
| required. |
| type: string |
| kind: |
| description: Kind is the type of |
| resource being referenced |
| type: string |
| name: |
| description: Name is the name of |
| resource being referenced |
| type: string |
| namespace: |
| description: Namespace is the namespace |
| of resource being referenced Note |
| that when a namespace is specified, |
| a gateway.networking.k8s.io/ReferenceGrant |
| object is required in the referent |
| namespace to allow that namespace's |
| owner to accept the reference. |
| See the ReferenceGrant documentation |
| for details. (Alpha) This field |
| requires the CrossNamespaceVolumeDataSource |
| feature gate to be enabled. |
| type: string |
| required: |
| - kind |
| - name |
| type: object |
| resources: |
| description: 'resources represents the |
| minimum resources the volume should |
| have. If RecoverVolumeExpansionFailure |
| feature is enabled users are allowed |
| to specify resource requirements that |
| are lower than previous value but |
| must still be higher than capacity |
| recorded in the status field of the |
| claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' |
| properties: |
| claims: |
| description: "Claims lists the names |
| of resources, defined in spec.resourceClaims, |
| that are used by this container. |
| \n This is an alpha field and |
| requires enabling the DynamicResourceAllocation |
| feature gate. \n This field is |
| immutable. It can only be set |
| for containers." |
| items: |
| description: ResourceClaim references |
| one entry in PodSpec.ResourceClaims. |
| properties: |
| name: |
| description: Name must match |
| the name of one entry in |
| pod.spec.resourceClaims |
| of the Pod where this field |
| is used. It makes that resource |
| available inside a container. |
| type: string |
| required: |
| - name |
| type: object |
| type: array |
| x-kubernetes-list-map-keys: |
| - name |
| x-kubernetes-list-type: map |
| limits: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Limits describes the |
| maximum amount of compute resources |
| allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| requests: |
| additionalProperties: |
| anyOf: |
| - type: integer |
| - type: string |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| description: 'Requests describes |
| the minimum amount of compute |
| resources required. If Requests |
| is omitted for a container, it |
| defaults to Limits if that is |
| explicitly specified, otherwise |
| to an implementation-defined value. |
| Requests cannot exceed Limits. |
| More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' |
| type: object |
| type: object |
| selector: |
| description: selector is a label query |
| over volumes to consider for binding. |
| properties: |
| matchExpressions: |
| description: matchExpressions is |
| a list of label selector requirements. |
| The requirements are ANDed. |
| items: |
| description: A label selector |
| requirement is a selector that |
| contains values, a key, and |
| an operator that relates the |
| key and values. |
| properties: |
| key: |
| description: key is the label |
| key that the selector applies |
| to. |
| type: string |
| operator: |
| description: operator represents |
| a key's relationship to |
| a set of values. Valid operators |
| are In, NotIn, Exists and |
| DoesNotExist. |
| type: string |
| values: |
| description: values is an |
| array of string values. |
| If the operator is In or |
| NotIn, the values array |
| must be non-empty. If the |
| operator is Exists or DoesNotExist, |
| the values array must be |
| empty. This array is replaced |
| during a strategic merge |
| patch. |
| items: |
| type: string |
| type: array |
| required: |
| - key |
| - operator |
| type: object |
| type: array |
| matchLabels: |
| additionalProperties: |
| type: string |
| description: matchLabels is a map |
| of {key,value} pairs. A single |
| {key,value} in the matchLabels |
| map is equivalent to an element |
| of matchExpressions, whose key |
| field is "key", the operator is |
| "In", and the values array contains |
| only "value". The requirements |
| are ANDed. |
| type: object |
| type: object |
| x-kubernetes-map-type: atomic |
| storageClassName: |
| description: 'storageClassName is the |
| name of the StorageClass required |
| by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' |
| type: string |
| volumeMode: |
| description: volumeMode defines what |
| type of volume is required by the |
| claim. Value of Filesystem is implied |
| when not included in claim spec. |
| type: string |
| volumeName: |
| description: volumeName is the binding |
| reference to the PersistentVolume |
| backing this claim. |
| type: string |
| type: object |
| required: |
| - spec |
| type: object |
| type: object |
| fc: |
| description: fc represents a Fibre Channel resource |
| that is attached to a kubelet's host machine and |
| then exposed to the pod. |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| to mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. TODO: how do we prevent errors |
| in the filesystem from compromising the machine' |
| type: string |
| lun: |
| description: 'lun is Optional: FC target lun |
| number' |
| format: int32 |
| type: integer |
| readOnly: |
| description: 'readOnly is Optional: Defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| targetWWNs: |
| description: 'targetWWNs is Optional: FC target |
| worldwide names (WWNs)' |
| items: |
| type: string |
| type: array |
| wwids: |
| description: 'wwids Optional: FC volume world |
| wide identifiers (wwids) Either wwids or combination |
| of targetWWNs and lun must be set, but not |
| both simultaneously.' |
| items: |
| type: string |
| type: array |
| type: object |
| flexVolume: |
| description: flexVolume represents a generic volume |
| resource that is provisioned/attached using an |
| exec based plugin. |
| properties: |
| driver: |
| description: driver is the name of the driver |
| to use for this volume. |
| type: string |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". The default filesystem depends |
| on FlexVolume script. |
| type: string |
| options: |
| additionalProperties: |
| type: string |
| description: 'options is Optional: this field |
| holds extra command options if any.' |
| type: object |
| readOnly: |
| description: 'readOnly is Optional: defaults |
| to false (read/write). ReadOnly here will |
| force the ReadOnly setting in VolumeMounts.' |
| type: boolean |
| secretRef: |
| description: 'secretRef is Optional: secretRef |
| is reference to the secret object containing |
| sensitive information to pass to the plugin |
| scripts. This may be empty if no secret object |
| is specified. If the secret object contains |
| more than one secret, all secrets are passed |
| to the plugin scripts.' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - driver |
| type: object |
| flocker: |
| description: flocker represents a Flocker volume |
| attached to a kubelet's host machine. This depends |
| on the Flocker control service being running |
| properties: |
| datasetName: |
| description: datasetName is Name of the dataset |
| stored as metadata -> name on the dataset |
| for Flocker should be considered as deprecated |
| type: string |
| datasetUUID: |
| description: datasetUUID is the UUID of the |
| dataset. This is unique identifier of a Flocker |
| dataset |
| type: string |
| type: object |
| gcePersistentDisk: |
| description: 'gcePersistentDisk represents a GCE |
| Disk resource that is attached to a kubelet''s |
| host machine and then exposed to the pod. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| properties: |
| fsType: |
| description: 'fsType is filesystem type of the |
| volume that you want to mount. Tip: Ensure |
| that the filesystem type is supported by the |
| host operating system. Examples: "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| partition: |
| description: 'partition is the partition in |
| the volume that you want to mount. If omitted, |
| the default is to mount by volume name. Examples: |
| For volume /dev/sda1, you specify the partition |
| as "1". Similarly, the volume partition for |
| /dev/sda is "0" (or you can leave the property |
| empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| format: int32 |
| type: integer |
| pdName: |
| description: 'pdName is unique name of the PD |
| resource in GCE. Used to identify the disk |
| in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' |
| type: boolean |
| required: |
| - pdName |
| type: object |
| gitRepo: |
| description: 'gitRepo represents a git repository |
| at a particular revision. DEPRECATED: GitRepo |
| is deprecated. To provision a container with a |
| git repo, mount an EmptyDir into an InitContainer |
| that clones the repo using git, then mount the |
| EmptyDir into the Pod''s container.' |
| properties: |
| directory: |
| description: directory is the target directory |
| name. Must not contain or start with '..'. If |
| '.' is supplied, the volume directory will |
| be the git repository. Otherwise, if specified, |
| the volume will contain the git repository |
| in the subdirectory with the given name. |
| type: string |
| repository: |
| description: repository is the URL |
| type: string |
| revision: |
| description: revision is the commit hash for |
| the specified revision. |
| type: string |
| required: |
| - repository |
| type: object |
| glusterfs: |
| description: 'glusterfs represents a Glusterfs mount |
| on the host that shares a pod''s lifetime. More |
| info: https://examples.k8s.io/volumes/glusterfs/README.md' |
| properties: |
| endpoints: |
| description: 'endpoints is the endpoint name |
| that details Glusterfs topology. More info: |
| https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| path: |
| description: 'path is the Glusterfs volume path. |
| More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the Glusterfs |
| volume to be mounted with read-only permissions. |
| Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' |
| type: boolean |
| required: |
| - endpoints |
| - path |
| type: object |
| hostPath: |
| description: 'hostPath represents a pre-existing |
| file or directory on the host machine that is |
| directly exposed to the container. This is generally |
| used for system agents or other privileged things |
| that are allowed to see the host machine. Most |
| containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath |
| --- TODO(jonesdl) We need to restrict who can |
| use host directory mounts and who can/can not |
| mount host directories as read/write.' |
| properties: |
| path: |
| description: 'path of the directory on the host. |
| If the path is a symlink, it will follow the |
| link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| type: |
| description: 'type for HostPath Volume Defaults |
| to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' |
| type: string |
| required: |
| - path |
| type: object |
| iscsi: |
| description: 'iscsi represents an ISCSI Disk resource |
| that is attached to a kubelet''s host machine |
| and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' |
| properties: |
| chapAuthDiscovery: |
| description: chapAuthDiscovery defines whether |
| support iSCSI Discovery CHAP authentication |
| type: boolean |
| chapAuthSession: |
| description: chapAuthSession defines whether |
| support iSCSI Session CHAP authentication |
| type: boolean |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| initiatorName: |
| description: initiatorName is the custom iSCSI |
| Initiator Name. If initiatorName is specified |
| with iscsiInterface simultaneously, new iSCSI |
| interface <target portal>:<volume name> will |
| be created for the connection. |
| type: string |
| iqn: |
| description: iqn is the target iSCSI Qualified |
| Name. |
| type: string |
| iscsiInterface: |
| description: iscsiInterface is the interface |
| Name that uses an iSCSI transport. Defaults |
| to 'default' (tcp). |
| type: string |
| lun: |
| description: lun represents iSCSI Target Lun |
| number. |
| format: int32 |
| type: integer |
| portals: |
| description: portals is the iSCSI Target Portal |
| List. The portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| items: |
| type: string |
| type: array |
| readOnly: |
| description: readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| type: boolean |
| secretRef: |
| description: secretRef is the CHAP Secret for |
| iSCSI target and initiator authentication |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| targetPortal: |
| description: targetPortal is iSCSI Target Portal. |
| The Portal is either an IP or ip_addr:port |
| if the port is other than default (typically |
| TCP ports 860 and 3260). |
| type: string |
| required: |
| - iqn |
| - lun |
| - targetPortal |
| type: object |
| nfs: |
| description: 'nfs represents an NFS mount on the |
| host that shares a pod''s lifetime More info: |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| properties: |
| path: |
| description: 'path that is exported by the NFS |
| server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the NFS |
| export to be mounted with read-only permissions. |
| Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: boolean |
| server: |
| description: 'server is the hostname or IP address |
| of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' |
| type: string |
| required: |
| - path |
| - server |
| type: object |
| persistentVolumeClaim: |
| description: 'persistentVolumeClaimVolumeSource |
| represents a reference to a PersistentVolumeClaim |
| in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| properties: |
| claimName: |
| description: 'claimName is the name of a PersistentVolumeClaim |
| in the same namespace as the pod using this |
| volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' |
| type: string |
| readOnly: |
| description: readOnly Will force the ReadOnly |
| setting in VolumeMounts. Default false. |
| type: boolean |
| required: |
| - claimName |
| type: object |
| photonPersistentDisk: |
| description: photonPersistentDisk represents a PhotonController |
| persistent disk attached and mounted on kubelets |
| host machine |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| pdID: |
| description: pdID is the ID that identifies |
| Photon Controller persistent disk |
| type: string |
| required: |
| - pdID |
| type: object |
| portworxVolume: |
| description: portworxVolume represents a portworx |
| volume attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fSType represents the filesystem |
| type to mount Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| volumeID: |
| description: volumeID uniquely identifies a |
| Portworx volume |
| type: string |
| required: |
| - volumeID |
| type: object |
| projected: |
| description: projected items for all in one resources |
| secrets, configmaps, and downward API |
| properties: |
| defaultMode: |
| description: defaultMode are the mode bits used |
| to set permissions on created files by default. |
| Must be an octal value between 0000 and 0777 |
| or a decimal value between 0 and 511. YAML |
| accepts both octal and decimal values, JSON |
| requires decimal values for mode bits. Directories |
| within the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set. |
| format: int32 |
| type: integer |
| sources: |
| description: sources is the list of volume projections |
| items: |
| description: Projection that may be projected |
| along with other supported volume types |
| properties: |
| configMap: |
| description: configMap information about |
| the configMap data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced ConfigMap |
| will be projected into the volume |
| as a file whose name is the key |
| and content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the ConfigMap, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional specify whether |
| the ConfigMap or its keys must be |
| defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| downwardAPI: |
| description: downwardAPI information about |
| the downwardAPI data to project |
| properties: |
| items: |
| description: Items is a list of DownwardAPIVolume |
| file |
| items: |
| description: DownwardAPIVolumeFile |
| represents information to create |
| the file containing the pod field |
| properties: |
| fieldRef: |
| description: 'Required: Selects |
| a field of the pod: only annotations, |
| labels, name and namespace |
| are supported.' |
| properties: |
| apiVersion: |
| description: Version of |
| the schema the FieldPath |
| is written in terms of, |
| defaults to "v1". |
| type: string |
| fieldPath: |
| description: Path of the |
| field to select in the |
| specified API version. |
| type: string |
| required: |
| - fieldPath |
| type: object |
| x-kubernetes-map-type: atomic |
| mode: |
| description: 'Optional: mode |
| bits used to set permissions |
| on this file, must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: 'Required: Path |
| is the relative path name |
| of the file to be created. |
| Must not be absolute or contain |
| the ''..'' path. Must be utf-8 |
| encoded. The first item of |
| the relative path must not |
| start with ''..''' |
| type: string |
| resourceFieldRef: |
| description: 'Selects a resource |
| of the container: only resources |
| limits and requests (limits.cpu, |
| limits.memory, requests.cpu |
| and requests.memory) are currently |
| supported.' |
| properties: |
| containerName: |
| description: 'Container |
| name: required for volumes, |
| optional for env vars' |
| type: string |
| divisor: |
| anyOf: |
| - type: integer |
| - type: string |
| description: Specifies the |
| output format of the exposed |
| resources, defaults to |
| "1" |
| pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ |
| x-kubernetes-int-or-string: true |
| resource: |
| description: 'Required: |
| resource to select' |
| type: string |
| required: |
| - resource |
| type: object |
| x-kubernetes-map-type: atomic |
| required: |
| - path |
| type: object |
| type: array |
| type: object |
| secret: |
| description: secret information about |
| the secret data to project |
| properties: |
| items: |
| description: items if unspecified, |
| each key-value pair in the Data |
| field of the referenced Secret will |
| be projected into the volume as |
| a file whose name is the key and |
| content is the value. If specified, |
| the listed keys will be projected |
| into the specified paths, and unlisted |
| keys will not be present. If a key |
| is specified which is not present |
| in the Secret, the volume setup |
| will error unless it is marked optional. |
| Paths must be relative and may not |
| contain the '..' path or start with |
| '..'. |
| items: |
| description: Maps a string key to |
| a path within a volume. |
| properties: |
| key: |
| description: key is the key |
| to project. |
| type: string |
| mode: |
| description: 'mode is Optional: |
| mode bits used to set permissions |
| on this file. Must be an octal |
| value between 0000 and 0777 |
| or a decimal value between |
| 0 and 511. YAML accepts both |
| octal and decimal values, |
| JSON requires decimal values |
| for mode bits. If not specified, |
| the volume defaultMode will |
| be used. This might be in |
| conflict with other options |
| that affect the file mode, |
| like fsGroup, and the result |
| can be other mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative |
| path of the file to map the |
| key to. May not be an absolute |
| path. May not contain the |
| path element '..'. May not |
| start with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| name: |
| description: 'Name of the referent. |
| More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| optional: |
| description: optional field specify |
| whether the Secret or its key must |
| be defined |
| type: boolean |
| type: object |
| x-kubernetes-map-type: atomic |
| serviceAccountToken: |
| description: serviceAccountToken is information |
| about the serviceAccountToken data to |
| project |
| properties: |
| audience: |
| description: audience is the intended |
| audience of the token. A recipient |
| of a token must identify itself |
| with an identifier specified in |
| the audience of the token, and otherwise |
| should reject the token. The audience |
| defaults to the identifier of the |
| apiserver. |
| type: string |
| expirationSeconds: |
| description: expirationSeconds is |
| the requested duration of validity |
| of the service account token. As |
| the token approaches expiration, |
| the kubelet volume plugin will proactively |
| rotate the service account token. |
| The kubelet will start trying to |
| rotate the token if the token is |
| older than 80 percent of its time |
| to live or if the token is older |
| than 24 hours.Defaults to 1 hour |
| and must be at least 10 minutes. |
| format: int64 |
| type: integer |
| path: |
| description: path is the path relative |
| to the mount point of the file to |
| project the token into. |
| type: string |
| required: |
| - path |
| type: object |
| type: object |
| type: array |
| type: object |
| quobyte: |
| description: quobyte represents a Quobyte mount |
| on the host that shares a pod's lifetime |
| properties: |
| group: |
| description: group to map volume access to Default |
| is no group |
| type: string |
| readOnly: |
| description: readOnly here will force the Quobyte |
| volume to be mounted with read-only permissions. |
| Defaults to false. |
| type: boolean |
| registry: |
| description: registry represents a single or |
| multiple Quobyte Registry services specified |
| as a string as host:port pair (multiple entries |
| are separated with commas) which acts as the |
| central registry for volumes |
| type: string |
| tenant: |
| description: tenant owning the given Quobyte |
| volume in the Backend Used with dynamically |
| provisioned Quobyte volumes, value is set |
| by the plugin |
| type: string |
| user: |
| description: user to map volume access to Defaults |
| to serivceaccount user |
| type: string |
| volume: |
| description: volume is a string that references |
| an already created Quobyte volume by name. |
| type: string |
| required: |
| - registry |
| - volume |
| type: object |
| rbd: |
| description: 'rbd represents a Rados Block Device |
| mount on the host that shares a pod''s lifetime. |
| More info: https://examples.k8s.io/volumes/rbd/README.md' |
| properties: |
| fsType: |
| description: 'fsType is the filesystem type |
| of the volume that you want to mount. Tip: |
| Ensure that the filesystem type is supported |
| by the host operating system. Examples: "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd |
| TODO: how do we prevent errors in the filesystem |
| from compromising the machine' |
| type: string |
| image: |
| description: 'image is the rados image name. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| keyring: |
| description: 'keyring is the path to key ring |
| for RBDUser. Default is /etc/ceph/keyring. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| monitors: |
| description: 'monitors is a collection of Ceph |
| monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| items: |
| type: string |
| type: array |
| pool: |
| description: 'pool is the rados pool name. Default |
| is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| readOnly: |
| description: 'readOnly here will force the ReadOnly |
| setting in VolumeMounts. Defaults to false. |
| More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: boolean |
| secretRef: |
| description: 'secretRef is name of the authentication |
| secret for RBDUser. If provided overrides |
| keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| user: |
| description: 'user is the rados user name. Default |
| is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' |
| type: string |
| required: |
| - image |
| - monitors |
| type: object |
| scaleIO: |
| description: scaleIO represents a ScaleIO persistent |
| volume attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Default is "xfs". |
| type: string |
| gateway: |
| description: gateway is the host address of |
| the ScaleIO API Gateway. |
| type: string |
| protectionDomain: |
| description: protectionDomain is the name of |
| the ScaleIO Protection Domain for the configured |
| storage. |
| type: string |
| readOnly: |
| description: readOnly Defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef references to the secret |
| for ScaleIO user and other sensitive information. |
| If this is not provided, Login operation will |
| fail. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| sslEnabled: |
| description: sslEnabled Flag enable/disable |
| SSL communication with Gateway, default false |
| type: boolean |
| storageMode: |
| description: storageMode indicates whether the |
| storage for a volume should be ThickProvisioned |
| or ThinProvisioned. Default is ThinProvisioned. |
| type: string |
| storagePool: |
| description: storagePool is the ScaleIO Storage |
| Pool associated with the protection domain. |
| type: string |
| system: |
| description: system is the name of the storage |
| system as configured in ScaleIO. |
| type: string |
| volumeName: |
| description: volumeName is the name of a volume |
| already created in the ScaleIO system that |
| is associated with this volume source. |
| type: string |
| required: |
| - gateway |
| - secretRef |
| - system |
| type: object |
| secret: |
| description: 'secret represents a secret that should |
| populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| properties: |
| defaultMode: |
| description: 'defaultMode is Optional: mode |
| bits used to set permissions on created files |
| by default. Must be an octal value between |
| 0000 and 0777 or a decimal value between 0 |
| and 511. YAML accepts both octal and decimal |
| values, JSON requires decimal values for mode |
| bits. Defaults to 0644. Directories within |
| the path are not affected by this setting. |
| This might be in conflict with other options |
| that affect the file mode, like fsGroup, and |
| the result can be other mode bits set.' |
| format: int32 |
| type: integer |
| items: |
| description: items If unspecified, each key-value |
| pair in the Data field of the referenced Secret |
| will be projected into the volume as a file |
| whose name is the key and content is the value. |
| If specified, the listed keys will be projected |
| into the specified paths, and unlisted keys |
| will not be present. If a key is specified |
| which is not present in the Secret, the volume |
| setup will error unless it is marked optional. |
| Paths must be relative and may not contain |
| the '..' path or start with '..'. |
| items: |
| description: Maps a string key to a path within |
| a volume. |
| properties: |
| key: |
| description: key is the key to project. |
| type: string |
| mode: |
| description: 'mode is Optional: mode bits |
| used to set permissions on this file. |
| Must be an octal value between 0000 |
| and 0777 or a decimal value between |
| 0 and 511. YAML accepts both octal and |
| decimal values, JSON requires decimal |
| values for mode bits. If not specified, |
| the volume defaultMode will be used. |
| This might be in conflict with other |
| options that affect the file mode, like |
| fsGroup, and the result can be other |
| mode bits set.' |
| format: int32 |
| type: integer |
| path: |
| description: path is the relative path |
| of the file to map the key to. May not |
| be an absolute path. May not contain |
| the path element '..'. May not start |
| with the string '..'. |
| type: string |
| required: |
| - key |
| - path |
| type: object |
| type: array |
| optional: |
| description: optional field specify whether |
| the Secret or its keys must be defined |
| type: boolean |
| secretName: |
| description: 'secretName is the name of the |
| secret in the pod''s namespace to use. More |
| info: https://kubernetes.io/docs/concepts/storage/volumes#secret' |
| type: string |
| type: object |
| storageos: |
| description: storageOS represents a StorageOS volume |
| attached and mounted on Kubernetes nodes. |
| properties: |
| fsType: |
| description: fsType is the filesystem type to |
| mount. Must be a filesystem type supported |
| by the host operating system. Ex. "ext4", |
| "xfs", "ntfs". Implicitly inferred to be "ext4" |
| if unspecified. |
| type: string |
| readOnly: |
| description: readOnly defaults to false (read/write). |
| ReadOnly here will force the ReadOnly setting |
| in VolumeMounts. |
| type: boolean |
| secretRef: |
| description: secretRef specifies the secret |
| to use for obtaining the StorageOS API credentials. If |
| not specified, default values will be attempted. |
| properties: |
| name: |
| description: 'Name of the referent. More |
| info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, |
| kind, uid?' |
| type: string |
| type: object |
| x-kubernetes-map-type: atomic |
| volumeName: |
| description: volumeName is the human-readable |
| name of the StorageOS volume. Volume names |
| are only unique within a namespace. |
| type: string |
| volumeNamespace: |
| description: volumeNamespace specifies the scope |
| of the volume within StorageOS. If no namespace |
| is specified then the Pod's namespace will |
| be used. This allows the Kubernetes name |
| scoping to be mirrored within StorageOS for |
| tighter integration. Set VolumeName to any |
| name to override the default behaviour. Set |
| to "default" if you are not using namespaces |
| within StorageOS. Namespaces that do not pre-exist |
| within StorageOS will be created. |
| type: string |
| type: object |
| vsphereVolume: |
| description: vsphereVolume represents a vSphere |
| volume attached and mounted on kubelets host machine |
| properties: |
| fsType: |
| description: fsType is filesystem type to mount. |
| Must be a filesystem type supported by the |
| host operating system. Ex. "ext4", "xfs", |
| "ntfs". Implicitly inferred to be "ext4" if |
| unspecified. |
| type: string |
| storagePolicyID: |
| description: storagePolicyID is the storage |
| Policy Based Management (SPBM) profile ID |
| associated with the StoragePolicyName. |
| type: string |
| storagePolicyName: |
| description: storagePolicyName is the storage |
| Policy Based Management (SPBM) profile name. |
| type: string |
| volumePath: |
| description: volumePath is the path that identifies |
| vSphere volume vmdk |
| type: string |
| required: |
| - volumePath |
| type: object |
| type: object |
| required: |
| - name |
| - source |
| type: object |
| type: array |
| type: object |
| serviceOptions: |
| description: ServiceOptions defines the custom options for the |
| solrPrometheusExporter Service. |
| properties: |
| annotations: |
| additionalProperties: |
| type: string |
| description: Annotations to be added for the Service. |
| type: object |
| labels: |
| additionalProperties: |
| type: string |
| description: Labels to be added for the Service. |
| type: object |
| type: object |
| type: object |
| exporterEntrypoint: |
| description: The entrypoint into the exporter. Defaults to the official |
| docker-solr location. |
| type: string |
| image: |
| description: Image of Solr Prometheus Exporter to run. |
| properties: |
| imagePullSecret: |
| type: string |
| pullPolicy: |
| description: PullPolicy describes a policy for if/when to pull |
| a container image |
| type: string |
| repository: |
| type: string |
| tag: |
| type: string |
| type: object |
| metricsConfig: |
| description: The xml config for the metrics |
| type: string |
| numThreads: |
| description: Number of threads to use for the prometheus exporter |
| Defaults to 1 |
| format: int32 |
| type: integer |
| restartSchedule: |
| description: "Perform a scheduled restart on the given schedule, in |
| CRON format. \n Multiple CRON syntaxes are supported - Standard |
| CRON (e.g. \"CRON_TZ=Asia/Seoul 0 6 * * ?\") - Predefined Schedules |
| (e.g. \"@yearly\", \"@weekly\", etc.) - Intervals (e.g. \"@every |
| 10h30m\") \n For more information please check this reference: https://pkg.go.dev/github.com/robfig/cron/v3?utm_source=godoc#hdr-CRON_Expression_Format" |
| type: string |
| scrapeInterval: |
| description: The interval to scrape Solr at (in seconds) Defaults |
| to 60 seconds |
| format: int32 |
| type: integer |
| solrReference: |
| description: Reference of the Solr instance to collect metrics for |
| properties: |
| basicAuthSecret: |
| description: 'If Solr is secured, you''ll need to provide credentials |
| for the Prometheus exporter to authenticate via a kubernetes.io/basic-auth |
| secret which must contain a username and password. If basic |
| auth is enabled on the SolrCloud instance, the default secret |
| (unless you are supplying your own) is named using the pattern: |
| <SOLR_CLOUD_NAME>-solrcloud-basic-auth. If using the security.json |
| bootstrapped by the Solr operator, then the username is "k8s-oper".' |
| type: string |
| cloud: |
| description: Reference of a solrCloud instance |
| properties: |
| name: |
| description: The name of a solr cloud running within the kubernetes |
| cluster |
| type: string |
| namespace: |
| description: The namespace of a solr cloud running within |
| the kubernetes cluster |
| type: string |
| zkConnectionInfo: |
| description: The ZK Connection information for a cloud, could |
| be used for solr's running outside of the kube cluster |
| properties: |
| acl: |
| description: ZooKeeper ACL to use when connecting with |
| ZK. This ACL should have ALL permission in the given |
| chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret |
| that contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that |
| stores the username and password for the ACL. This |
| secret must be in the same namespace as the solrCloud |
| or prometheusExporter is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret |
| that contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| chroot: |
| description: The ChRoot to connect solr at |
| type: string |
| externalConnectionString: |
| description: The connection string to connect to the ensemble |
| from outside of the Kubernetes cluster If external and |
| no internal connection string is provided, the external |
| cnx string will be used as the internal cnx string |
| type: string |
| internalConnectionString: |
| description: The connection string to connect to the ensemble |
| from within the Kubernetes cluster |
| type: string |
| readOnlyAcl: |
| description: ZooKeeper ACL to use when connecting with |
| ZK for reading operations. This ACL should have READ |
| permission in the given chRoot. |
| properties: |
| passwordKey: |
| description: The name of the key in the given secret |
| that contains the ACL password |
| type: string |
| secret: |
| description: The name of the Kubernetes Secret that |
| stores the username and password for the ACL. This |
| secret must be in the same namespace as the solrCloud |
| or prometheusExporter is running in. |
| type: string |
| usernameKey: |
| description: The name of the key in the given secret |
| that contains the ACL username |
| type: string |
| required: |
| - passwordKey |
| - secret |
| - usernameKey |
| type: object |
| type: object |
| type: object |
| solrTLS: |
| description: Settings to configure the SolrJ client used to request |
| metrics from TLS enabled Solr pods |
| properties: |
| checkPeerName: |
| description: TLS certificates contain host/ip "peer name" |
| information that is validated by default. |
| type: boolean |
| clientAuth: |
| default: None |
| description: Determines the client authentication method, |
| either None, Want, or Need; this affects K8s ability to |
| call liveness / readiness probes so use cautiously. Only |
| applies for server certificates, has no effect on client |
| certificates |
| enum: |
| - None |
| - Want |
| - Need |
| type: string |
| keyStorePasswordSecret: |
| description: Secret containing the key store password; this |
| field is required unless mountedTLSDir is used, as most |
| JVMs do not support pkcs12 keystores without a password |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must |
| be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| mountedTLSDir: |
| description: Used to specify a path where the keystore, truststore, |
| and password files for the TLS certificate are mounted by |
| an external agent or CSI driver. This option is typically |
| used with `spec.updateStrategy.restartSchedule` to restart |
| Solr pods before the mounted TLS cert expires. |
| properties: |
| keystoreFile: |
| description: Override the name of the keystore file; no |
| default, if you don't supply this setting, then the |
| corresponding env vars and Java system properties will |
| not be configured for the pod template |
| type: string |
| keystorePassword: |
| description: Set the password of the keystore explicitly. |
| Cannot be used with "keystorePasswordFile" |
| type: string |
| keystorePasswordFile: |
| description: Override the name of the keystore password |
| file; defaults to keystore-password, if "keystorePassword" |
| is not provided. |
| type: string |
| path: |
| description: The path on the main Solr container where |
| the TLS files are mounted by some external agent or |
| CSI Driver |
| type: string |
| truststoreFile: |
| description: Override the name of the truststore file; |
| no default, if you don't supply this setting, then the |
| corresponding env vars and Java system properties will |
| not be configured for the pod template |
| type: string |
| truststorePassword: |
| description: Set the password of the truststore explicitly. |
| If "keystorePassword" is provided, and "truststorePasswordFile" |
| is not, this will be defaulted to "keystorePassword". |
| type: string |
| truststorePasswordFile: |
| description: Override the name of the truststore password |
| file; defaults to the same value as the KeystorePasswordFile, |
| if "truststorePassword" is not provided. |
| type: string |
| required: |
| - path |
| type: object |
| pkcs12Secret: |
| description: TLS Secret containing a pkcs12 keystore; required |
| for Solr pods unless mountedTLSDir is used |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must |
| be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| restartOnTLSSecretUpdate: |
| description: Opt-in flag to restart Solr pods after TLS secret |
| updates, such as if the cert is renewed; default is false. |
| This option only applies when using the `spec.solrTLS.pkcs12Secret` |
| option; when using the `spec.solrTLS.mountedTLSDir` option, |
| you need to ensure pods get restarted before the certs expire, |
| see `spec.updateStrategy.restartSchedule` for scheduling |
| restarts. |
| type: boolean |
| trustStorePasswordSecret: |
| description: Secret containing the trust store password; if |
| not provided the keyStorePassword will be used |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must |
| be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| trustStoreSecret: |
| description: TLS Secret containing a pkcs12 truststore; if |
| not provided, then the keystore and password are used for |
| the truststore The specified key is used as the truststore |
| file name when mounted into Solr pods |
| properties: |
| key: |
| description: The key of the secret to select from. Must |
| be a valid secret key. |
| type: string |
| name: |
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| TODO: Add other useful fields. apiVersion, kind, uid?' |
| type: string |
| optional: |
| description: Specify whether the Secret or its key must |
| be defined |
| type: boolean |
| required: |
| - key |
| type: object |
| x-kubernetes-map-type: atomic |
| verifyClientHostname: |
| description: Verify client's hostname during SSL handshake |
| Only applies for server configuration |
| type: boolean |
| type: object |
| standalone: |
| description: Reference of a standalone solr instance |
| properties: |
| address: |
| description: The address of the standalone solr |
| type: string |
| required: |
| - address |
| type: object |
| type: object |
| required: |
| - solrReference |
| type: object |
| status: |
| description: SolrPrometheusExporterStatus defines the observed state of |
| SolrPrometheusExporter |
| properties: |
| ready: |
| description: Is the prometheus exporter up and running |
| type: boolean |
| type: object |
| type: object |
| served: true |
| storage: true |
| subresources: |
| status: {} |