Skip to content

Instantly share code, notes, and snippets.

@Jeffwan

Jeffwan/guidance.md

Last active June 16, 2022 06:55
Show Gist options
  • Save Jeffwan/5fa17272f862f1f321eeadf2ca92deb6 to your computer and use it in GitHub Desktop.
Save Jeffwan/5fa17272f862f1f321eeadf2ca92deb6 to your computer and use it in GitHub Desktop.
Download ZIP
workspace-operator example
Raw
guidance.md

Setups to try workspace operator

  1. Make sure you have ray-system namespace. if not, kubectl create ns ray-system
  2. kubectl create -f ray.io_workspaces.yaml
  3. kubectl apply -f workspace-operator.yaml
  4. Create a jupyter notebook. kubectl apply -f ray.io_v1alpha1_workspace.yaml
  5. Use the nodeport or port-forward the service. Then open browser nodeip:nodeport/kuberay/workspace.

Note: operator image and jupyter image can be used directly. I upload to my personal dockerhub. I will try to finish OSS process soon.

Raw
ray.io_v1alpha1_workspace.yaml
apiVersion: ray.io/v1alpha1
kind: Workspace
metadata:
name: jupyter
spec:
template:
spec:
containers:
- image: seedjeffwan/kuberay-workspace-notebook:0.1
name: notebook
resources:
requests:
cpu: 2
memory: 2Gi
Raw
ray.io_workspaces.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
creationTimestamp: null
name: workspaces.ray.io
spec:
group: ray.io
names:
kind: Workspace
listKind: WorkspaceList
plural: workspaces
singular: workspace
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Workspace is the Schema for the workspaces API
properties:
apiVersion:
description: APIVersion defines the versioned schema of this representation
of an object.
type: string
kind:
description: Kind is a string value representing the REST resource this
object represents.
type: string
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
template:
properties:
spec:
description: PodSpec is a description of a pod.
properties:
activeDeadlineSeconds:
description: Optional duration in seconds the pod may be active
on the node relative to StartTime before the syst
format: int64
type: integer
affinity:
description: If specified, the pod's scheduling constraints
properties:
nodeAffinity:
description: Describes node affinity scheduling rules
for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: 'The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified '
items:
description: An empty preferred scheduling term
matches all objects with implicit weight 0 (i.e.
it's a no-op).
properties:
preference:
description: A node selector term, associated
with the corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: 'A node selector requirement
is a selector that contains values,
a key, and an operator that relates '
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: 'A node selector requirement
is a selector that contains values,
a key, and an operator that relates '
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching
the corresponding nodeSelectorTerm, in the
range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will no
properties:
nodeSelectorTerms:
description: Required. A list of node selector
terms. The terms are ORed.
items:
description: A null or empty node selector term
matches no objects. The requirements of them
are ANDed.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: 'A node selector requirement
is a selector that contains values,
a key, and an operator that relates '
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: 'A node selector requirement
is a selector that contains values,
a key, and an operator that relates '
properties:
key:
description: The label key that the
selector applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values.
type: string
values:
description: An array of string values.
If the operator is In or NotIn,
the values array must be non-empty.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
co-locate this pod in the same node, zone, etc.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: 'The scheduler will prefer to schedule
pods to nodes that satisfy the affinity expressions
specified '
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values.
type: string
values:
description: values is an array
of string values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs.
type: object
type: object
namespaces:
description: 'namespaces specifies which
namespaces the labelSelector applies to
(matches against); null or empty '
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching th
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified
by this field are not met at scheduling time, the
pod will no
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) t
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
type: string
values:
description: values is an array of
string values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs.
type: object
type: object
namespaces:
description: 'namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty '
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching th
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
(e.g.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule
pods to nodes that satisfy the anti-affinity expressions
speci
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most
properties:
podAffinityTerm:
description: Required. A pod affinity term,
associated with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of
resources, in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values.
type: string
values:
description: values is an array
of string values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs.
type: object
type: object
namespaces:
description: 'namespaces specifies which
namespaces the labelSelector applies to
(matches against); null or empty '
items:
type: string
type: array
topologyKey:
description: This pod should be co-located
(affinity) or not co-located (anti-affinity)
with the pods matching th
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching
the corresponding podAffinityTerm, in the
range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified
by this field are not met at scheduling time, the
pod wi
items:
description: Defines a set of pods (namely those
matching the labelSelector relative to the given
namespace(s)) t
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
type: string
values:
description: values is an array of
string values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs.
type: object
type: object
namespaces:
description: 'namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty '
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching th
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
automountServiceAccountToken:
description: AutomountServiceAccountToken indicates whether
a service account token should be automatically mount
type: boolean
containers:
description: List of containers belonging to the pod. Containers
cannot currently be added or removed.
items:
description: A single application container that you want
to run within a pod.
properties:
args:
description: Arguments to the entrypoint. The docker
image's CMD is used if this is not provided.
items:
type: string
type: array
command:
description: Entrypoint array. Not executed within a
shell.
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: Variable references $(VAR_NAME) are
expanded using the previous defined environment
variables in the
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.'
type: string
imagePullPolicy:
description: Image pull policy. One of Always, Never,
IfNotPresent.
type: string
lifecycle:
description: Actions that the management system should
take in response to container lifecycle events.
properties:
postStart:
description: PostStart is called immediately after
a container is created.
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: PreStop is called immediately before
a container is terminated due to an API request
or management e
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: Periodic probe of container liveness. Container
will be restarted if the probe fails.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
type: string
ports:
description: List of ports to expose from the container.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: Periodic probe of container service readiness.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Requests describes the minimum amount
of compute resources required.
type: object
type: object
securityContext:
description: 'Security options the pod should run with.
More info: https://kubernetes.'
properties:
allowPrivilegeEscalation:
description: AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent
process
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
type: string
type:
description: type indicates which kind of seccomp
profile will be applied.
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process.
type: string
type: object
type: object
startupProbe:
description: StartupProbe indicates that the Pod has
successfully initialized.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
at
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mou'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way a
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted.
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory.
type: string
required:
- name
type: object
type: array
dnsConfig:
description: Specifies the DNS parameters of a pod.
properties:
nameservers:
description: A list of DNS name server IP addresses.
items:
type: string
type: array
options:
description: A list of DNS resolver options. This will
be merged with the base options generated from DNSPolicy.
items:
description: PodDNSConfigOption defines DNS resolver
options of a pod.
properties:
name:
description: Required.
type: string
value:
type: string
type: object
type: array
searches:
description: A list of DNS search domains for host-name
lookup.
items:
type: string
type: array
type: object
dnsPolicy:
description: Set DNS policy for the pod. Defaults to "ClusterFirst".
type: string
enableServiceLinks:
description: EnableServiceLinks indicates whether information
about services should be injected into pod's enviro
type: boolean
ephemeralContainers:
description: List of ephemeral containers run in this pod.
items:
description: An EphemeralContainer is a container that may
be added temporarily to an existing pod for user-initi
properties:
args:
description: Arguments to the entrypoint. The docker
image's CMD is used if this is not provided.
items:
type: string
type: array
command:
description: Entrypoint array. Not executed within a
shell.
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: Variable references $(VAR_NAME) are
expanded using the previous defined environment
variables in the
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
type: string
imagePullPolicy:
description: Image pull policy. One of Always, Never,
IfNotPresent.
type: string
lifecycle:
description: Lifecycle is not allowed for ephemeral
containers.
properties:
postStart:
description: PostStart is called immediately after
a container is created.
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: PreStop is called immediately before
a container is terminated due to an API request
or management e
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
name:
description: Name of the ephemeral container specified
as a DNS_LABEL.
type: string
ports:
description: Ports are not allowed for ephemeral containers.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
readinessProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
resources:
description: Resources are not allowed for ephemeral
containers.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Requests describes the minimum amount
of compute resources required.
type: object
type: object
securityContext:
description: SecurityContext is not allowed for ephemeral
containers.
properties:
allowPrivilegeEscalation:
description: AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent
process
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
type: string
type:
description: type indicates which kind of seccomp
profile will be applied.
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process.
type: string
type: object
type: object
startupProbe:
description: Probes are not allowed for ephemeral containers.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
at
type: boolean
targetContainerName:
description: If set, the name of the container from
PodSpec that this ephemeral container targets.
type: string
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mou'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way a
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted.
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory.
type: string
required:
- name
type: object
type: array
hostAliases:
description: 'HostAliases is an optional list of hosts and
IPs that will be injected into the pod''s hosts file if '
items:
description: 'HostAlias holds the mapping between IP and
hostnames that will be injected as an entry in the pod''s '
properties:
hostnames:
description: Hostnames for the above IP address.
items:
type: string
type: array
ip:
description: IP address of the host file entry.
type: string
type: object
type: array
hostIPC:
description: 'Use the host''s ipc namespace. Optional: Default
to false.'
type: boolean
hostNetwork:
description: Host networking requested for this pod. Use the
host's network namespace.
type: boolean
hostPID:
description: 'Use the host''s pid namespace. Optional: Default
to false.'
type: boolean
hostname:
description: Specifies the hostname of the Pod If not specified,
the pod's hostname will be set to a system-defin
type: string
imagePullSecrets:
description: ImagePullSecrets is an optional list of references
to secrets in the same namespace to use for pulli
items:
description: 'LocalObjectReference contains enough information
to let you locate the referenced object inside the '
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.'
type: string
type: object
type: array
initContainers:
description: List of initialization containers belonging to
the pod.
items:
description: A single application container that you want
to run within a pod.
properties:
args:
description: Arguments to the entrypoint. The docker
image's CMD is used if this is not provided.
items:
type: string
type: array
command:
description: Entrypoint array. Not executed within a
shell.
items:
type: string
type: array
env:
description: List of environment variables to set in
the container. Cannot be updated.
items:
description: EnvVar represents an environment variable
present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: Variable references $(VAR_NAME) are
expanded using the previous defined environment
variables in the
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in
the pod's namespace
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment
variables in the container.
items:
description: EnvFromSource represents the source of
a set of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
must be defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend
to each key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
optional:
description: Specify whether the Secret must
be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.'
type: string
imagePullPolicy:
description: Image pull policy. One of Always, Never,
IfNotPresent.
type: string
lifecycle:
description: Actions that the management system should
take in response to container lifecycle events.
properties:
postStart:
description: PostStart is called immediately after
a container is created.
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: PreStop is called immediately before
a container is terminated due to an API request
or management e
properties:
exec:
description: One and only one of the following
should be specified. Exec specifies the action
to take.
properties:
command:
description: 'Command is the command line
to execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the
request. HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP
server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting
to the host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port
to access on the container. Number must
be in the range 1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: Periodic probe of container liveness. Container
will be restarted if the probe fails.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
type: string
ports:
description: List of ports to expose from the container.
items:
description: ContainerPort represents a network port
in a single container.
properties:
containerPort:
description: Number of port to expose on the pod's
IP address. This must be a valid port number,
0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external
port to.
type: string
hostPort:
description: Number of port to expose on the host.
If specified, this must be a valid port number,
0 < x < 65536.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP,
or SCTP. Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: Periodic probe of container service readiness.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Requests describes the minimum amount
of compute resources required.
type: object
type: object
securityContext:
description: 'Security options the pod should run with.
More info: https://kubernetes.'
properties:
allowPrivilegeEscalation:
description: AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent
process
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode.
type: boolean
procMount:
description: procMount denotes the type of proc
mount to use for the containers.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only
root filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the
container process. Uses runtime default if unset.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run
as a non-root user.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the
container process.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to
the container.
properties:
level:
description: Level is SELinux level label that
applies to the container.
type: string
role:
description: Role is a SELinux role label that
applies to the container.
type: string
type:
description: Type is a SELinux type label that
applies to the container.
type: string
user:
description: User is a SELinux user label that
applies to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this
container.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
type: string
type:
description: type indicates which kind of seccomp
profile will be applied.
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied
to all containers.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the
GMSA admission webhook (https://github.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run
the entrypoint of the container process.
type: string
type: object
type: object
startupProbe:
description: StartupProbe indicates that the Pod has
successfully initialized.
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: 'Command is the command line to
execute inside the container, the working
directory for the command '
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the
probe to be considered failed after having succeeded.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request
to perform.
properties:
host:
description: Host name to connect to, defaults
to the pod IP.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom
header to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to
the host. Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: Number of seconds after the container
has started before liveness probes are initiated.
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the
probe. Default to 10 seconds. Minimum value is
1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the
probe to be considered successful after having
failed.
format: int32
type: integer
tcpSocket:
description: TCPSocket specifies an action involving
a TCP port.
properties:
host:
description: 'Optional: Host name to connect
to, defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: Number of seconds after which the probe
times out. Defaults to 1 second. Minimum value
is 1.
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate
a buffer for stdin in the container runtime.
type: boolean
stdinOnce:
description: Whether the container runtime should close
the stdin channel after it has been opened by a single
at
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which
the container''s termination message will be written
is mou'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should
be populated.
type: string
tty:
description: Whether this container should allocate
a TTY for itself, also requires 'stdin' to be true.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices
to be used by the container.
items:
description: volumeDevice describes a mapping of a
raw block device within a container.
properties:
devicePath:
description: devicePath is the path inside of
the container that the device will be mapped
to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's
filesystem. Cannot be updated.
items:
description: VolumeMount describes a mounting of a
Volume within a container.
properties:
mountPath:
description: Path within the container at which
the volume should be mounted. Must not contain
':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts
are propagated from the host to container and
the other way a
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write
otherwise (false or unspecified). Defaults to
false.
type: boolean
subPath:
description: Path within the volume from which
the container's volume should be mounted.
type: string
subPathExpr:
description: Expanded path within the volume from
which the container's volume should be mounted.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory.
type: string
required:
- name
type: object
type: array
nodeName:
description: NodeName is a request to schedule this pod onto
a specific node.
type: string
nodeSelector:
additionalProperties:
type: string
description: NodeSelector is a selector which must be true
for the pod to fit on a node.
type: object
overhead:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Overhead represents the resource overhead associated
with running a pod for a given RuntimeClass.
type: object
preemptionPolicy:
description: PreemptionPolicy is the Policy for preempting
pods with lower priority.
type: string
priority:
description: The priority value. Various system components
use this field to find the priority of the pod.
format: int32
type: integer
priorityClassName:
description: If specified, indicates the pod's priority.
type: string
readinessGates:
description: If specified, all readiness gates will be evaluated
for pod readiness.
items:
description: PodReadinessGate contains the reference to
a pod condition
properties:
conditionType:
description: ConditionType refers to a condition in
the pod's condition list with matching type.
type: string
required:
- conditionType
type: object
type: array
restartPolicy:
description: Restart policy for all containers within the
pod. One of Always, OnFailure, Never.
type: string
runtimeClassName:
description: RuntimeClassName refers to a RuntimeClass object
in the node.k8s.
type: string
schedulerName:
description: If specified, the pod will be dispatched by specified
scheduler.
type: string
securityContext:
description: SecurityContext holds pod-level security attributes
and common container settings.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod.
format: int64
type: integer
fsGroupChangePolicy:
description: fsGroupChangePolicy defines behavior of changing
ownership and permission of the volume before being
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as
a non-root user.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all
containers.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by the containers
in this pod.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used.
type: string
type:
description: type indicates which kind of seccomp
profile will be applied.
type: string
required:
- type
type: object
supplementalGroups:
description: 'A list of groups applied to the first process
run in each container, in addition to the container''s '
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod.
items:
description: Sysctl defines a kernel parameter to be
set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to
all containers.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
admission webhook (https://github.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process.
type: string
type: object
type: object
serviceAccount:
description: DeprecatedServiceAccount is a depreciated alias
for ServiceAccountName.
type: string
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount
to use to run this pod.
type: string
setHostnameAsFQDN:
description: If true the pod's hostname will be configured
as the pod's FQDN, rather than the leaf name (the defa
type: boolean
shareProcessNamespace:
description: Share a single process namespace between all
of the containers in a pod.
type: boolean
subdomain:
description: If specified, the fully qualified Pod hostname
will be "<hostname>.<subdomain>.<pod namespace>.svc.
type: string
terminationGracePeriodSeconds:
description: Optional duration in seconds the pod needs to
terminate gracefully.
format: int64
type: integer
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects.
type: string
key:
description: Key is the taint key that the toleration
applies to. Empty means match all taint keys.
type: string
operator:
description: Operator represents a key's relationship
to the value. Valid operators are Exists and Equal.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period
of time the toleration (which must be of effect NoExecute,
o
format: int64
type: integer
value:
description: Value is the taint value the toleration
matches to.
type: string
type: object
type: array
topologySpreadConstraints:
description: TopologySpreadConstraints describes how a group
of pods ought to spread across topology domains.
items:
description: TopologySpreadConstraint specifies how to spread
matching pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching
pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values.
type: string
values:
description: values is an array of string
values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs.
type: object
type: object
maxSkew:
description: MaxSkew describes the degree to which pods
may be unevenly distributed.
format: int32
type: integer
topologyKey:
description: TopologyKey is the key of node labels.
type: string
whenUnsatisfiable:
description: WhenUnsatisfiable indicates how to deal
with a pod if it doesn't satisfy the spread constraint.
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
x-kubernetes-list-map-keys:
- topologyKey
- whenUnsatisfiable
x-kubernetes-list-type: map
volumes:
description: List of volumes that can be mounted by containers
belonging to the pod.
items:
description: Volume represents a named volume in a pod that
may be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: AWSElasticBlockStore represents an AWS
Disk resource that is attached to a kubelet's host
machine an
properties:
fsType:
description: Filesystem type of the volume that
you want to mount.
type: string
partition:
description: The partition in the volume that you
want to mount.
format: int32
type: integer
readOnly:
description: Specify "true" to force and set the
ReadOnly property in VolumeMounts to "true".
type: boolean
volumeID:
description: 'Unique ID of the persistent disk resource
in AWS (Amazon EBS volume). More info: https://kubernetes.'
type: string
required:
- volumeID
type: object
azureDisk:
description: AzureDisk represents an Azure Data Disk
mount on the host and bind mount to the pod.
properties:
cachingMode:
description: 'Host Caching mode: None, Read Only,
Read Write.'
type: string
diskName:
description: The Name of the data disk in the blob
storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
kind:
description: 'Expected values Shared: multiple blob
disks per storage account Dedicated: single blob
disk per sto'
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: AzureFile represents an Azure File Service
mount on the host and bind mount to the pod.
properties:
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: the name of secret that contains Azure
Storage Account Name and Key
type: string
shareName:
description: Share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: CephFS represents a Ceph FS mount on the
host that shares a pod's lifetime
properties:
monitors:
description: 'Required: Monitors is a collection
of Ceph monitors More info: https://examples.k8s.'
items:
type: string
type: array
path:
description: 'Optional: Used as the mounted root,
rather than the full Ceph tree, default is /'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).'
type: boolean
secretFile:
description: 'Optional: SecretFile is the path to
key ring for User, default is /etc/ceph/user.'
type: string
secretRef:
description: 'Optional: SecretRef is reference to
the authentication secret for User, default is
empty.'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
user:
description: 'Optional: User is the rados user name,
default is admin More info: https://examples.k8s.'
type: string
required:
- monitors
type: object
cinder:
description: Cinder represents a cinder volume attached
and mounted on kubelets host machine.
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system.
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).'
type: boolean
secretRef:
description: 'Optional: points to a secret object
containing parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
volumeID:
description: 'volume id used to identify the volume
in cinder. More info: https://examples.k8s.'
type: string
required:
- volumeID
type: object
configMap:
description: ConfigMap represents a configMap that should
populate this volume
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default.'
format: int32
type: integer
items:
description: 'If unspecified, each key-value pair
in the Data field of the referenced ConfigMap
will be projected '
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to
set permissions on this file.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap or its
keys must be defined
type: boolean
type: object
csi:
description: CSI (Container Storage Interface) represents
ephemeral storage that is handled by certain external
C
properties:
driver:
description: Driver is the name of the CSI driver
that handles this volume.
type: string
fsType:
description: Filesystem type to mount. Ex. "ext4",
"xfs", "ntfs".
type: string
nodePublishSecretRef:
description: NodePublishSecretRef is a reference
to the secret object containing sensitive information
to pass to
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
readOnly:
description: Specifies a read-only configuration
for the volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: VolumeAttributes stores driver-specific
properties that are passed to the CSI driver.
type: object
required:
- driver
type: object
downwardAPI:
description: DownwardAPI represents downward API about
the pod that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created
files by default.'
format: int32
type: integer
items:
description: Items is a list of downward API volume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing the
pod field
properties:
fieldRef:
description: 'Required: Selects a field of
the pod: only annotations, labels, name
and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of, defaults
to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits used to
set permissions on this file, must be an
octal value between 0000 and 07'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created.'
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults to
"1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
emptyDir:
description: EmptyDir represents a temporary directory
that shares a pod's lifetime.
properties:
medium:
description: What type of storage medium should
back this directory.
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: Total amount of local storage required
for this EmptyDir volume.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
ephemeral:
description: Ephemeral represents a volume that is handled
by a cluster storage driver (Alpha feature).
properties:
readOnly:
description: Specifies a read-only configuration
for the volume. Defaults to false (read/write).
type: boolean
volumeClaimTemplate:
description: Will be used to create a stand-alone
PVC to provision the volume.
properties:
metadata:
description: May contain labels and annotations
that will be copied into the PVC when creating
it.
type: object
spec:
description: The specification for the PersistentVolumeClaim.
properties:
accessModes:
description: 'AccessModes contains the desired
access modes the volume should have. More
info: https://kubernetes.'
items:
type: string
type: array
dataSource:
description: 'This field can be used to
specify either: * An existing VolumeSnapshot
object (snapshot.storage.k8s.'
properties:
apiGroup:
description: APIGroup is the group for
the resource being referenced.
type: string
kind:
description: Kind is the type of resource
being referenced
type: string
name:
description: Name is the name of resource
being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum
resources the volume should have. More
info: https://kubernetes.'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum
amount of compute resources allowed.
More info: https://kubernetes.'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Requests describes the
minimum amount of compute resources
required.
type: object
type: object
selector:
description: A label query over volumes
to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
properties:
key:
description: key is the label
key that the selector applies
to.
type: string
operator:
description: operator represents
a key's relationship to a set
of values.
type: string
values:
description: values is an array
of string values.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of
{key,value} pairs.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required
by the claim. More info: https://kubernetes.'
type: string
volumeMode:
description: volumeMode defines what type
of volume is required by the claim.
type: string
volumeName:
description: VolumeName is the binding reference
to the PersistentVolume backing this claim.
type: string
type: object
required:
- spec
type: object
type: object
fc:
description: FC represents a Fibre Channel resource
that is attached to a kubelet's host machine and then
exposed
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
lun:
description: 'Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'Optional: Defaults to false (read/write).'
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names
(WWNs)'
items:
type: string
type: array
wwids:
description: 'Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs
and lun'
items:
type: string
type: array
type: object
flexVolume:
description: FlexVolume represents a generic volume
resource that is provisioned/attached using an exec
based plu
properties:
driver:
description: Driver is the name of the driver to
use for this volume.
type: string
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
options:
additionalProperties:
type: string
description: 'Optional: Extra command options if
any.'
type: object
readOnly:
description: 'Optional: Defaults to false (read/write).'
type: boolean
secretRef:
description: 'Optional: SecretRef is reference to
the secret object containing sensitive information
to pass to th'
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
required:
- driver
type: object
flocker:
description: Flocker represents a Flocker volume attached
to a kubelet's host machine.
properties:
datasetName:
description: Name of the dataset stored as metadata
-> name on the dataset for Flocker should be considered
as de
type: string
datasetUUID:
description: UUID of the dataset. This is unique
identifier of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: GCEPersistentDisk represents a GCE Disk
resource that is attached to a kubelet's host machine
and th
properties:
fsType:
description: Filesystem type of the volume that
you want to mount.
type: string
partition:
description: The partition in the volume that you
want to mount.
format: int32
type: integer
pdName:
description: Unique name of the PD resource in GCE.
Used to identify the disk in GCE.
type: string
readOnly:
description: ReadOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'GitRepo represents a git repository at
a particular revision. DEPRECATED: GitRepo is deprecated.'
properties:
directory:
description: Target directory name. Must not contain
or start with '..'. If '.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: Glusterfs represents a Glusterfs mount
on the host that shares a pod's lifetime.
properties:
endpoints:
description: 'EndpointsName is the endpoint name
that details Glusterfs topology. More info: https://examples.k8s.'
type: string
path:
description: 'Path is the Glusterfs volume path.
More info: https://examples.k8s.io/volumes/glusterfs/README.'
type: string
readOnly:
description: ReadOnly here will force the Glusterfs
volume to be mounted with read-only permissions.
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: HostPath represents a pre-existing file
or directory on the host machine that is directly
exposed to
properties:
path:
description: Path of the directory on the host.
type: string
type:
description: 'Type for HostPath Volume Defaults
to "" More info: https://kubernetes.'
type: string
required:
- path
type: object
iscsi:
description: ISCSI represents an ISCSI Disk resource
that is attached to a kubelet's host machine and then
expose
properties:
chapAuthDiscovery:
description: whether support iSCSI Discovery CHAP
authentication
type: boolean
chapAuthSession:
description: whether support iSCSI Session CHAP
authentication
type: boolean
fsType:
description: Filesystem type of the volume that
you want to mount.
type: string
initiatorName:
description: Custom iSCSI Initiator Name.
type: string
iqn:
description: Target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iSCSI Interface Name that uses an iSCSI
transport. Defaults to 'default' (tcp).
type: string
lun:
description: iSCSI Target Lun number.
format: int32
type: integer
portals:
description: iSCSI Target Portal List.
items:
type: string
type: array
readOnly:
description: ReadOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: CHAP Secret for iSCSI target and initiator
authentication
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
targetPortal:
description: iSCSI Target Portal.
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'Volume''s name. Must be a DNS_LABEL and
unique within the pod. More info: https://kubernetes.'
type: string
nfs:
description: 'NFS represents an NFS mount on the host
that shares a pod''s lifetime More info: https://kubernetes.'
properties:
path:
description: 'Path that is exported by the NFS server.
More info: https://kubernetes.'
type: string
readOnly:
description: ReadOnly here will force the NFS export
to be mounted with read-only permissions. Defaults
to false.
type: boolean
server:
description: 'Server is the hostname or IP address
of the NFS server. More info: https://kubernetes.'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: PersistentVolumeClaimVolumeSource represents
a reference to a PersistentVolumeClaim in the same
name
properties:
claimName:
description: ClaimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume.
type: string
readOnly:
description: Will force the ReadOnly setting in
VolumeMounts. Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: 'PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets '
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
pdID:
description: ID that identifies Photon Controller
persistent disk
type: string
required:
- pdID
type: object
portworxVolume:
description: PortworxVolume represents a portworx volume
attached and mounted on kubelets host machine
properties:
fsType:
description: FSType represents the filesystem type
to mount Must be a filesystem type supported by
the host opera
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx
volume
type: string
required:
- volumeID
type: object
projected:
description: Items for all in one resources secrets,
configmaps, and downward API
properties:
defaultMode:
description: Mode bits used to set permissions on
created files by default.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected
along with other supported volume types
properties:
configMap:
description: information about the configMap
data to project
properties:
items:
description: 'If unspecified, each key-value
pair in the Data field of the referenced
ConfigMap will be projected '
items:
description: Maps a string key to a
path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits
used to set permissions on this
file.'
format: int32
type: integer
path:
description: The relative path of
the file to map the key to. May
not be an absolute path.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the ConfigMap
or its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI
data to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects
a field of the pod: only annotations,
labels, name and namespace are
supported.'
properties:
apiVersion:
description: Version of the
schema the FieldPath is written
in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field
to select in the specified
API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits
used to set permissions on this
file, must be an octal value between
0000 and 07'
format: int32
type: integer
path:
description: 'Required: Path is the
relative path name of the file
to be created.'
type: string
resourceFieldRef:
description: 'Selects a resource
of the container: only resources
limits and requests (limits.cpu,
limits.'
properties:
containerName:
description: 'Container name:
required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource
to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret
data to project
properties:
items:
description: If unspecified, each key-value
pair in the Data field of the referenced
Secret will be projected int
items:
description: Maps a string key to a
path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits
used to set permissions on this
file.'
format: int32
type: integer
path:
description: The relative path of
the file to map the key to. May
not be an absolute path.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More
info: https://kubernetes.'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended
audience of the token.
type: string
expirationSeconds:
description: ExpirationSeconds is the
requested duration of validity of the
service account token.
format: int64
type: integer
path:
description: Path is the path relative
to the mount point of the file to project
the token into.
type: string
required:
- path
type: object
type: object
type: array
required:
- sources
type: object
quobyte:
description: Quobyte represents a Quobyte mount on the
host that shares a pod's lifetime
properties:
group:
description: Group to map volume access to Default
is no group
type: string
readOnly:
description: ReadOnly here will force the Quobyte
volume to be mounted with read-only permissions.
type: boolean
registry:
description: Registry represents a single or multiple
Quobyte Registry services specified as a string
as host:por
type: string
tenant:
description: Tenant owning the given Quobyte volume
in the Backend Used with dynamically provisioned
Quobyte volu
type: string
user:
description: User to map volume access to Defaults
to serivceaccount user
type: string
volume:
description: Volume is a string that references
an already created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: RBD represents a Rados Block Device mount
on the host that shares a pod's lifetime.
properties:
fsType:
description: Filesystem type of the volume that
you want to mount.
type: string
image:
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: Keyring is the path to key ring for
RBDUser. Default is /etc/ceph/keyring.
type: string
monitors:
description: 'A collection of Ceph monitors. More
info: https://examples.k8s.io/volumes/rbd/README.'
items:
type: string
type: array
pool:
description: 'The rados pool name. Default is rbd.
More info: https://examples.k8s.io/volumes/rbd/README.'
type: string
readOnly:
description: ReadOnly here will force the ReadOnly
setting in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: SecretRef is name of the authentication
secret for RBDUser. If provided overrides keyring.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
user:
description: 'The rados user name. Default is admin.
More info: https://examples.k8s.io/volumes/rbd/README.'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: ScaleIO represents a ScaleIO persistent
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
gateway:
description: The host address of the ScaleIO API
Gateway.
type: string
protectionDomain:
description: The name of the ScaleIO Protection
Domain for the configured storage.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef references to the secret
for ScaleIO user and other sensitive information.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
sslEnabled:
description: Flag to enable/disable SSL communication
with Gateway, default false
type: boolean
storageMode:
description: Indicates whether the storage for a
volume should be ThickProvisioned or ThinProvisioned.
type: string
storagePool:
description: The ScaleIO Storage Pool associated
with the protection domain.
type: string
system:
description: The name of the storage system as configured
in ScaleIO.
type: string
volumeName:
description: The name of a volume already created
in the ScaleIO system that is associated with
this volume sourc
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'Secret represents a secret that should
populate this volume. More info: https://kubernetes.'
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair
in the Data field of the referenced Secret will
be projected int
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to
set permissions on this file.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys
must be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.'
type: string
type: object
storageos:
description: StorageOS represents a StorageOS volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly
here will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef specifies the secret to use
for obtaining the StorageOS API credentials.
properties:
name:
description: 'Name of the referent. More info:
https://kubernetes.'
type: string
type: object
volumeName:
description: VolumeName is the human-readable name
of the StorageOS volume.
type: string
volumeNamespace:
description: VolumeNamespace specifies the scope
of the volume within StorageOS.
type: string
type: object
vsphereVolume:
description: VsphereVolume represents a vSphere volume
attached and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a
filesystem type supported by the host operating
system. Ex.
type: string
storagePolicyID:
description: Storage Policy Based Management (SPBM)
profile ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: Storage Policy Based Management (SPBM)
profile name.
type: string
volumePath:
description: Path that identifies vSphere volume
vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
required:
- containers
type: object
type: object
type: object
status:
description: WorkspaceStatus defines the observed state of Workspace
properties:
conditions:
description: Conditions is an array of current conditions
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
message:
description: Message regarding why the container is in the current
state.
type: string
reason:
description: (brief) reason the container is in the current
state
type: string
type:
description: Type is the type of the condition. Possible values
are Running|Waiting|Terminated
type: string
required:
- type
type: object
type: array
containerState:
description: ContainerState is the state of underlying container.
properties:
running:
description: Details about a running container
properties:
startedAt:
description: Time at which the container was last (re-)started
format: date-time
type: string
type: object
terminated:
description: Details about a terminated container
properties:
containerID:
description: Container's ID in the format 'docker://<container_id>'
type: string
exitCode:
description: Exit status from the last termination of the
container
format: int32
type: integer
finishedAt:
description: Time at which the container last terminated
format: date-time
type: string
message:
description: Message regarding the last termination of the
container
type: string
reason:
description: (brief) reason from the last termination of the
container
type: string
signal:
description: Signal from the last termination of the container
format: int32
type: integer
startedAt:
description: Time at which previous execution of the container
started
format: date-time
type: string
required:
- exitCode
type: object
waiting:
description: Details about a waiting container
properties:
message:
description: Message regarding why the container is not yet
running.
type: string
reason:
description: (brief) reason the container is not yet running.
type: string
type: object
type: object
readyReplicas:
description: ReadyReplicas is the number of Pods created by the StatefulSet
controller that have a Ready Conditio
format: int32
type: integer
required:
- conditions
- containerState
- readyReplicas
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Raw
workspace-operator.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: kuberay-workspace-operator-service-account
namespace: ray-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: kuberay-workspace-operator-cluster-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- ray.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ray.io
resources:
- workspaces/finalizers
verbs:
- update
- apiGroups:
- ray.io
resources:
- workspaces/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kuberay-workspace-operator-cluster-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kuberay-workspace-operator-cluster-role
subjects:
- kind: ServiceAccount
name: kuberay-workspace-operator-service-account
namespace: ray-system
---
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
control-plane: workspace-operator
name: kuberay-workspace-operator
namespace: ray-system
spec:
ports:
- name: monitoring-port
port: 8080
targetPort: 8080
selector:
control-plane: workspace-operator
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: workspace-operator
name: kuberay-workspace-operator
namespace: ray-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: workspace-operator
template:
metadata:
labels:
control-plane: workspace-operator
spec:
containers:
- command:
- /manager
image: seedjeffwan/kuberay-workspace:0.1
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: kuberay-workspace-operator
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: kuberay-workspace-operator-service-account
terminationGracePeriodSeconds: 10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment