Created
November 21, 2019 21:15
-
-
Save awgreene/1800e0fc447973406297cdfee745667c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: keda-operator | |
| namespace: openshift-operators | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: scaledobjects.keda.k8s.io | |
| spec: | |
| group: keda.k8s.io | |
| names: | |
| kind: ScaledObject | |
| listKind: ScaledObjectList | |
| plural: scaledobjects | |
| singular: scaledobject | |
| scope: Namespaced | |
| subresources: | |
| status: {} | |
| validation: | |
| openAPIV3Schema: | |
| description: ScaledObject is a specification for a ScaledObject resource | |
| properties: | |
| apiVersion: | |
| description: >- | |
| APIVersion defines the versioned schema of this representation of an | |
| object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#resources | |
| type: string | |
| kind: | |
| description: >- | |
| Kind is a string value representing the REST resource this object | |
| represents. Servers may infer this from the endpoint the client | |
| submits requests to. Cannot be updated. In CamelCase. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: ScaledObjectSpec is the spec for a ScaledObject resource | |
| properties: | |
| cooldownPeriod: | |
| format: int32 | |
| type: integer | |
| jobTargetRef: | |
| description: JobSpec describes how the job execution will look like. | |
| properties: | |
| activeDeadlineSeconds: | |
| description: >- | |
| Specifies the duration in seconds relative to the startTime | |
| that the job may be active before the system tries to | |
| terminate it; value must be positive integer | |
| format: int64 | |
| type: integer | |
| backoffLimit: | |
| description: >- | |
| Specifies the number of retries before marking this job | |
| failed. Defaults to 6 | |
| format: int32 | |
| type: integer | |
| completions: | |
| description: >- | |
| Specifies the desired number of successfully finished pods | |
| the job should be run with. Setting to nil means that the | |
| success of any pod signals the success of all pods, and | |
| allows parallelism to have any positive value. Setting to 1 | |
| means that parallelism is limited to 1 and the success of | |
| that pod signals the success of the job. More info: | |
| https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ | |
| format: int32 | |
| type: integer | |
| manualSelector: | |
| description: >- | |
| manualSelector controls generation of pod labels and pod | |
| selectors. Leave `manualSelector` unset unless you are | |
| certain what you are doing. When false or unset, the system | |
| pick labels unique to this job and appends those labels to | |
| the pod template. When true, the user is responsible for | |
| picking unique labels and specifying the selector. Failure | |
| to pick a unique label may cause this and other jobs to not | |
| function correctly. However, You may see | |
| `manualSelector=true` in jobs that were created with the old | |
| `extensions/v1beta1` API. More info: | |
| https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector | |
| type: boolean | |
| parallelism: | |
| description: >- | |
| Specifies the maximum desired number of pods the job should | |
| run at any given time. The actual number of pods running in | |
| steady state will be less than this number when | |
| ((.spec.completions - .status.successful) < | |
| .spec.parallelism), i.e. when the work left to do is less | |
| than max parallelism. More info: | |
| https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ | |
| format: int32 | |
| type: integer | |
| selector: | |
| description: >- | |
| A label query over pods that should match the pod count. | |
| Normally, the system sets this field for you. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| matchExpressions is a list of label selector | |
| requirements. The requirements are ANDed. | |
| items: | |
| description: >- | |
| A label selector requirement is a selector that | |
| contains values, a key, and an operator that relates | |
| the key and values. | |
| properties: | |
| key: | |
| description: key is the label key that the selector applies to. | |
| type: string | |
| operator: | |
| description: >- | |
| operator represents a key's relationship to a set | |
| of values. Valid operators are In, NotIn, Exists | |
| and DoesNotExist. | |
| type: string | |
| values: | |
| description: >- | |
| values is an array of string values. If the | |
| operator is In or NotIn, the values array must be | |
| non-empty. If the operator is Exists or | |
| DoesNotExist, the values array must be empty. This | |
| array is replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| matchLabels is a map of {key,value} pairs. A single | |
| {key,value} in the matchLabels map is equivalent to an | |
| element of matchExpressions, whose key field is "key", | |
| the operator is "In", and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| template: | |
| description: >- | |
| Describes the pod that will be created when executing a job. | |
| More info: | |
| https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ | |
| properties: | |
| metadata: | |
| description: >- | |
| Standard object's metadata. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata | |
| type: object | |
| spec: | |
| description: >- | |
| Specification of the desired behavior of the pod. More | |
| info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status | |
| properties: | |
| activeDeadlineSeconds: | |
| description: >- | |
| Optional duration in seconds the pod may be active | |
| on the node relative to StartTime before the system | |
| will actively try to mark it failed and kill | |
| associated containers. Value must be a positive | |
| integer. | |
| format: int64 | |
| type: integer | |
| affinity: | |
| description: 'If specified, the pod''s scheduling constraints' | |
| properties: | |
| nodeAffinity: | |
| description: >- | |
| Describes node affinity scheduling rules for the | |
| pod. | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| The scheduler will prefer to schedule pods | |
| to nodes that satisfy the affinity | |
| expressions specified by this field, but it | |
| may choose a node that violates one or more | |
| of the expressions. The node that is most | |
| preferred is the one with the greatest sum | |
| of weights, i.e. for each node that meets | |
| all of the scheduling requirements (resource | |
| request, requiredDuringScheduling affinity | |
| expressions, etc.), compute a sum by | |
| iterating through the elements of this field | |
| and adding "weight" to the sum if the node | |
| matches the corresponding matchExpressions; | |
| the node(s) with the highest sum are the | |
| most preferred. | |
| items: | |
| description: >- | |
| An empty preferred scheduling term matches | |
| all objects with implicit weight 0 (i.e. | |
| it's a no-op). A null preferred scheduling | |
| term matches no objects (i.e. is also a | |
| no-op). | |
| properties: | |
| preference: | |
| description: >- | |
| A node selector term, associated with | |
| the corresponding weight. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| A list of node selector requirements by | |
| node's labels. | |
| items: | |
| description: >- | |
| A node selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| The label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: >- | |
| Represents a key's relationship to a set | |
| of values. Valid operators are In, | |
| NotIn, Exists, DoesNotExist. Gt, and Lt. | |
| type: string | |
| values: | |
| description: >- | |
| An array of string values. If the | |
| operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. If the operator is | |
| Gt or Lt, the values array must have a | |
| single element, which will be | |
| interpreted as an integer. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchFields: | |
| description: >- | |
| A list of node selector requirements by | |
| node's fields. | |
| items: | |
| description: >- | |
| A node selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| The label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: >- | |
| Represents a key's relationship to a set | |
| of values. Valid operators are In, | |
| NotIn, Exists, DoesNotExist. Gt, and Lt. | |
| type: string | |
| values: | |
| description: >- | |
| An array of string values. If the | |
| operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. If the operator is | |
| Gt or Lt, the values array must have a | |
| single element, which will be | |
| interpreted as an integer. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| type: object | |
| weight: | |
| description: >- | |
| Weight associated with matching the | |
| corresponding nodeSelectorTerm, in the | |
| range 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - preference | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| If the affinity requirements specified by | |
| this field are not met at scheduling time, | |
| the pod will not be scheduled onto the node. | |
| If the affinity requirements specified by | |
| this field cease to be met at some point | |
| during pod execution (e.g. due to an | |
| update), the system may or may not try to | |
| eventually evict the pod from its node. | |
| properties: | |
| nodeSelectorTerms: | |
| description: >- | |
| Required. A list of node selector terms. | |
| The terms are ORed. | |
| items: | |
| description: >- | |
| A null or empty node selector term | |
| matches no objects. The requirements of | |
| them are ANDed. The TopologySelectorTerm | |
| type implements a subset of the | |
| NodeSelectorTerm. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| A list of node selector requirements by | |
| node's labels. | |
| items: | |
| description: >- | |
| A node selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| The label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: >- | |
| Represents a key's relationship to a set | |
| of values. Valid operators are In, | |
| NotIn, Exists, DoesNotExist. Gt, and Lt. | |
| type: string | |
| values: | |
| description: >- | |
| An array of string values. If the | |
| operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. If the operator is | |
| Gt or Lt, the values array must have a | |
| single element, which will be | |
| interpreted as an integer. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchFields: | |
| description: >- | |
| A list of node selector requirements by | |
| node's fields. | |
| items: | |
| description: >- | |
| A node selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| The label key that the selector applies | |
| to. | |
| type: string | |
| operator: | |
| description: >- | |
| Represents a key's relationship to a set | |
| of values. Valid operators are In, | |
| NotIn, Exists, DoesNotExist. Gt, and Lt. | |
| type: string | |
| values: | |
| description: >- | |
| An array of string values. If the | |
| operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. If the operator is | |
| Gt or Lt, the values array must have a | |
| single element, which will be | |
| interpreted as an integer. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| type: object | |
| type: array | |
| required: | |
| - nodeSelectorTerms | |
| type: object | |
| type: object | |
| podAffinity: | |
| description: >- | |
| Describes pod affinity scheduling rules (e.g. | |
| co-locate this pod in the same node, zone, etc. | |
| as some other pod(s)). | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| The scheduler will prefer to schedule pods | |
| to nodes that satisfy the affinity | |
| expressions specified by this field, but it | |
| may choose a node that violates one or more | |
| of the expressions. The node that is most | |
| preferred is the one with the greatest sum | |
| of weights, i.e. for each node that meets | |
| all of the scheduling requirements (resource | |
| request, requiredDuringScheduling affinity | |
| expressions, etc.), compute a sum by | |
| iterating through the elements of this field | |
| and adding "weight" to the sum if the node | |
| has pods which matches the corresponding | |
| podAffinityTerm; the node(s) with the | |
| highest sum are the most preferred. | |
| items: | |
| description: >- | |
| The weights of all of the matched | |
| WeightedPodAffinityTerm fields are added | |
| per-node to find the most preferred | |
| node(s) | |
| properties: | |
| podAffinityTerm: | |
| description: >- | |
| Required. A pod affinity term, | |
| associated with the corresponding | |
| weight. | |
| properties: | |
| labelSelector: | |
| description: >- | |
| A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| matchExpressions is a list of label | |
| selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: >- | |
| A label selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| key is the label key that the selector | |
| applies to. | |
| type: string | |
| operator: | |
| description: >- | |
| operator represents a key's relationship | |
| to a set of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: >- | |
| values is an array of string values. If | |
| the operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the | |
| matchLabels map is equivalent to an | |
| element of matchExpressions, whose key | |
| field is "key", the operator is "In", | |
| and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: >- | |
| namespaces specifies which namespaces | |
| the labelSelector applies to (matches | |
| against); null or empty list means "this | |
| pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: >- | |
| This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with | |
| the pods matching the labelSelector in | |
| the specified namespaces, where | |
| co-located is defined as running on a | |
| node whose value of the label with key | |
| topologyKey matches that of any node on | |
| which any of the selected pods is | |
| running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| weight: | |
| description: >- | |
| weight associated with matching the | |
| corresponding podAffinityTerm, in the | |
| range 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - podAffinityTerm | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| If the affinity requirements specified by | |
| this field are not met at scheduling time, | |
| the pod will not be scheduled onto the node. | |
| If the affinity requirements specified by | |
| this field cease to be met at some point | |
| during pod execution (e.g. due to a pod | |
| label update), the system may or may not try | |
| to eventually evict the pod from its node. | |
| When there are multiple elements, the lists | |
| of nodes corresponding to each | |
| podAffinityTerm are intersected, i.e. all | |
| terms must be satisfied. | |
| items: | |
| description: >- | |
| Defines a set of pods (namely those | |
| matching the labelSelector relative to the | |
| given namespace(s)) that this pod should | |
| be co-located (affinity) or not co-located | |
| (anti-affinity) with, where co-located is | |
| defined as running on a node whose value | |
| of the label with key <topologyKey> | |
| matches that of any node on which a pod of | |
| the set of pods is running | |
| properties: | |
| labelSelector: | |
| description: >- | |
| A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| matchExpressions is a list of label | |
| selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: >- | |
| A label selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| key is the label key that the selector | |
| applies to. | |
| type: string | |
| operator: | |
| description: >- | |
| operator represents a key's relationship | |
| to a set of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: >- | |
| values is an array of string values. If | |
| the operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the | |
| matchLabels map is equivalent to an | |
| element of matchExpressions, whose key | |
| field is "key", the operator is "In", | |
| and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: >- | |
| namespaces specifies which namespaces | |
| the labelSelector applies to (matches | |
| against); null or empty list means "this | |
| pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: >- | |
| This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with | |
| the pods matching the labelSelector in | |
| the specified namespaces, where | |
| co-located is defined as running on a | |
| node whose value of the label with key | |
| topologyKey matches that of any node on | |
| which any of the selected pods is | |
| running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| type: array | |
| type: object | |
| podAntiAffinity: | |
| description: >- | |
| Describes pod anti-affinity scheduling rules | |
| (e.g. avoid putting this pod in the same node, | |
| zone, etc. as some other pod(s)). | |
| properties: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| The scheduler will prefer to schedule pods | |
| to nodes that satisfy the anti-affinity | |
| expressions specified by this field, but it | |
| may choose a node that violates one or more | |
| of the expressions. The node that is most | |
| preferred is the one with the greatest sum | |
| of weights, i.e. for each node that meets | |
| all of the scheduling requirements (resource | |
| request, requiredDuringScheduling | |
| anti-affinity expressions, etc.), compute a | |
| sum by iterating through the elements of | |
| this field and adding "weight" to the sum if | |
| the node has pods which matches the | |
| corresponding podAffinityTerm; the node(s) | |
| with the highest sum are the most preferred. | |
| items: | |
| description: >- | |
| The weights of all of the matched | |
| WeightedPodAffinityTerm fields are added | |
| per-node to find the most preferred | |
| node(s) | |
| properties: | |
| podAffinityTerm: | |
| description: >- | |
| Required. A pod affinity term, | |
| associated with the corresponding | |
| weight. | |
| properties: | |
| labelSelector: | |
| description: >- | |
| A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| matchExpressions is a list of label | |
| selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: >- | |
| A label selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| key is the label key that the selector | |
| applies to. | |
| type: string | |
| operator: | |
| description: >- | |
| operator represents a key's relationship | |
| to a set of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: >- | |
| values is an array of string values. If | |
| the operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the | |
| matchLabels map is equivalent to an | |
| element of matchExpressions, whose key | |
| field is "key", the operator is "In", | |
| and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: >- | |
| namespaces specifies which namespaces | |
| the labelSelector applies to (matches | |
| against); null or empty list means "this | |
| pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: >- | |
| This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with | |
| the pods matching the labelSelector in | |
| the specified namespaces, where | |
| co-located is defined as running on a | |
| node whose value of the label with key | |
| topologyKey matches that of any node on | |
| which any of the selected pods is | |
| running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| weight: | |
| description: >- | |
| weight associated with matching the | |
| corresponding podAffinityTerm, in the | |
| range 1-100. | |
| format: int32 | |
| type: integer | |
| required: | |
| - podAffinityTerm | |
| - weight | |
| type: object | |
| type: array | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| description: >- | |
| If the anti-affinity requirements specified | |
| by this field are not met at scheduling | |
| time, the pod will not be scheduled onto the | |
| node. If the anti-affinity requirements | |
| specified by this field cease to be met at | |
| some point during pod execution (e.g. due to | |
| a pod label update), the system may or may | |
| not try to eventually evict the pod from its | |
| node. When there are multiple elements, the | |
| lists of nodes corresponding to each | |
| podAffinityTerm are intersected, i.e. all | |
| terms must be satisfied. | |
| items: | |
| description: >- | |
| Defines a set of pods (namely those | |
| matching the labelSelector relative to the | |
| given namespace(s)) that this pod should | |
| be co-located (affinity) or not co-located | |
| (anti-affinity) with, where co-located is | |
| defined as running on a node whose value | |
| of the label with key <topologyKey> | |
| matches that of any node on which a pod of | |
| the set of pods is running | |
| properties: | |
| labelSelector: | |
| description: >- | |
| A label query over a set of resources, | |
| in this case pods. | |
| properties: | |
| matchExpressions: | |
| description: >- | |
| matchExpressions is a list of label | |
| selector requirements. The requirements | |
| are ANDed. | |
| items: | |
| description: >- | |
| A label selector requirement is a | |
| selector that contains values, a key, | |
| and an operator that relates the key and | |
| values. | |
| properties: | |
| key: | |
| description: >- | |
| key is the label key that the selector | |
| applies to. | |
| type: string | |
| operator: | |
| description: >- | |
| operator represents a key's relationship | |
| to a set of values. Valid operators are | |
| In, NotIn, Exists and DoesNotExist. | |
| type: string | |
| values: | |
| description: >- | |
| values is an array of string values. If | |
| the operator is In or NotIn, the values | |
| array must be non-empty. If the operator | |
| is Exists or DoesNotExist, the values | |
| array must be empty. This array is | |
| replaced during a strategic merge patch. | |
| items: | |
| type: string | |
| type: array | |
| required: | |
| - key | |
| - operator | |
| type: object | |
| type: array | |
| matchLabels: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| matchLabels is a map of {key,value} | |
| pairs. A single {key,value} in the | |
| matchLabels map is equivalent to an | |
| element of matchExpressions, whose key | |
| field is "key", the operator is "In", | |
| and the values array contains only | |
| "value". The requirements are ANDed. | |
| type: object | |
| type: object | |
| namespaces: | |
| description: >- | |
| namespaces specifies which namespaces | |
| the labelSelector applies to (matches | |
| against); null or empty list means "this | |
| pod's namespace" | |
| items: | |
| type: string | |
| type: array | |
| topologyKey: | |
| description: >- | |
| This pod should be co-located (affinity) | |
| or not co-located (anti-affinity) with | |
| the pods matching the labelSelector in | |
| the specified namespaces, where | |
| co-located is defined as running on a | |
| node whose value of the label with key | |
| topologyKey matches that of any node on | |
| which any of the selected pods is | |
| running. Empty topologyKey is not | |
| allowed. | |
| type: string | |
| required: | |
| - topologyKey | |
| type: object | |
| type: array | |
| type: object | |
| type: object | |
| automountServiceAccountToken: | |
| description: >- | |
| AutomountServiceAccountToken indicates whether a | |
| service account token should be automatically | |
| mounted. | |
| type: boolean | |
| containers: | |
| description: >- | |
| List of containers belonging to the pod. Containers | |
| cannot currently be added or removed. There must be | |
| at least one container in a Pod. Cannot be updated. | |
| items: | |
| description: >- | |
| A single application container that you want to | |
| run within a pod. | |
| properties: | |
| args: | |
| description: >- | |
| Arguments to the entrypoint. The docker | |
| image's CMD is used if this is not provided. | |
| Variable references $(VAR_NAME) are expanded | |
| using the container's environment. If a | |
| variable cannot be resolved, the reference in | |
| the input string will be unchanged. The | |
| $(VAR_NAME) syntax can be escaped with a | |
| double $$, ie: $$(VAR_NAME). Escaped | |
| references will never be expanded, regardless | |
| of whether the variable exists or not. Cannot | |
| be updated. More info: | |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | |
| items: | |
| type: string | |
| type: array | |
| command: | |
| description: >- | |
| Entrypoint array. Not executed within a shell. | |
| The docker image's ENTRYPOINT is used if this | |
| is not provided. Variable references | |
| $(VAR_NAME) are expanded using the container's | |
| environment. If a variable cannot be resolved, | |
| the reference in the input string will be | |
| unchanged. The $(VAR_NAME) syntax can be | |
| escaped with a double $$, ie: $$(VAR_NAME). | |
| Escaped references will never be expanded, | |
| regardless of whether the variable exists or | |
| not. Cannot be updated. More info: | |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | |
| items: | |
| type: string | |
| type: array | |
| env: | |
| description: >- | |
| List of environment variables to set in the | |
| container. Cannot be updated. | |
| items: | |
| description: >- | |
| EnvVar represents an environment variable | |
| present in a Container. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the environment variable. Must | |
| be a C_IDENTIFIER. | |
| type: string | |
| value: | |
| description: >- | |
| Variable references $(VAR_NAME) are | |
| expanded using the previous defined | |
| environment variables in the container | |
| and any service environment variables. | |
| If a variable cannot be resolved, the | |
| reference in the input string will be | |
| unchanged. The $(VAR_NAME) syntax can be | |
| escaped with a double $$, ie: | |
| $$(VAR_NAME). Escaped references will | |
| never be expanded, regardless of whether | |
| the variable exists or not. Defaults to | |
| "". | |
| type: string | |
| valueFrom: | |
| description: >- | |
| Source for the environment variable's | |
| value. Cannot be used if value is not | |
| empty. | |
| properties: | |
| configMapKeyRef: | |
| description: Selects a key of a ConfigMap. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap or it's | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| fieldRef: | |
| description: >- | |
| Selects a field of the pod: supports | |
| metadata.name, metadata.namespace, | |
| metadata.labels, metadata.annotations, | |
| spec.nodeName, spec.serviceAccountName, | |
| status.hostIP, status.podIP. | |
| properties: | |
| apiVersion: | |
| description: >- | |
| Version of the schema the FieldPath is | |
| written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: >- | |
| Path of the field to select in the | |
| specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| resourceFieldRef: | |
| description: >- | |
| Selects a resource of the container: | |
| only resources limits and requests | |
| (limits.cpu, limits.memory, | |
| limits.ephemeral-storage, requests.cpu, | |
| requests.memory and | |
| requests.ephemeral-storage) are | |
| currently supported. | |
| properties: | |
| containerName: | |
| description: >- | |
| Container name: required for volumes, | |
| optional for env vars | |
| type: string | |
| divisor: | |
| description: >- | |
| Specifies the output format of the | |
| exposed resources, defaults to "1" | |
| type: string | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| secretKeyRef: | |
| description: >- | |
| Selects a key of a secret in the pod's | |
| namespace | |
| properties: | |
| key: | |
| description: >- | |
| The key of the secret to select from. | |
| Must be a valid secret key. | |
| type: string | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the Secret or it's key | |
| must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| envFrom: | |
| description: >- | |
| List of sources to populate environment | |
| variables in the container. The keys defined | |
| within a source must be a C_IDENTIFIER. All | |
| invalid keys will be reported as an event when | |
| the container is starting. When a key exists | |
| in multiple sources, the value associated with | |
| the last source will take precedence. Values | |
| defined by an Env with a duplicate key will | |
| take precedence. Cannot be updated. | |
| items: | |
| description: >- | |
| EnvFromSource represents the source of a set | |
| of ConfigMaps | |
| properties: | |
| configMapRef: | |
| description: The ConfigMap to select from | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap must be | |
| defined | |
| type: boolean | |
| type: object | |
| prefix: | |
| description: >- | |
| An optional identifier to prepend to | |
| each key in the ConfigMap. Must be a | |
| C_IDENTIFIER. | |
| type: string | |
| secretRef: | |
| description: The Secret to select from | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the Secret must be | |
| defined | |
| type: boolean | |
| type: object | |
| type: object | |
| type: array | |
| image: | |
| description: >- | |
| Docker image name. More info: | |
| https://kubernetes.io/docs/concepts/containers/images | |
| This field is optional to allow higher level | |
| config management to default or override | |
| container images in workload controllers like | |
| Deployments and StatefulSets. | |
| type: string | |
| imagePullPolicy: | |
| description: >- | |
| Image pull policy. One of Always, Never, | |
| IfNotPresent. Defaults to Always if :latest | |
| tag is specified, or IfNotPresent otherwise. | |
| Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/containers/images#updating-images | |
| type: string | |
| lifecycle: | |
| description: >- | |
| Actions that the management system should take | |
| in response to container lifecycle events. | |
| Cannot be updated. | |
| properties: | |
| postStart: | |
| description: >- | |
| PostStart is called immediately after a | |
| container is created. If the handler | |
| fails, the container is terminated and | |
| restarted according to its restart policy. | |
| Other management of the container blocks | |
| until the hook completes. More info: | |
| https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP | |
| lifecycle hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| preStop: | |
| description: >- | |
| PreStop is called immediately before a | |
| container is terminated due to an API | |
| request or management event such as | |
| liveness probe failure, preemption, | |
| resource contention, etc. The handler is | |
| not called if the container crashes or | |
| exits. The reason for termination is | |
| passed to the handler. The Pod's | |
| termination grace period countdown begins | |
| before the PreStop hooked is executed. | |
| Regardless of the outcome of the handler, | |
| the container will eventually terminate | |
| within the Pod's termination grace period. | |
| Other management of the container blocks | |
| until the hook completes or until the | |
| termination grace period is reached. More | |
| info: | |
| https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP | |
| lifecycle hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| type: object | |
| livenessProbe: | |
| description: >- | |
| Periodic probe of container liveness. | |
| Container will be restarted if the probe | |
| fails. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action to | |
| take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: >- | |
| Minimum consecutive failures for the probe | |
| to be considered failed after having | |
| succeeded. Defaults to 3. Minimum value is | |
| 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: >- | |
| Number of seconds after the container has | |
| started before liveness probes are | |
| initiated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: >- | |
| How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum | |
| value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: >- | |
| Minimum consecutive successes for the | |
| probe to be considered successful after | |
| having failed. Defaults to 1. Must be 1 | |
| for liveness. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving a | |
| TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP lifecycle | |
| hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: >- | |
| Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum | |
| value is 1. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| type: object | |
| name: | |
| description: >- | |
| Name of the container specified as a | |
| DNS_LABEL. Each container in a pod must have a | |
| unique name (DNS_LABEL). Cannot be updated. | |
| type: string | |
| ports: | |
| description: >- | |
| List of ports to expose from the container. | |
| Exposing a port here gives the system | |
| additional information about the network | |
| connections a container uses, but is primarily | |
| informational. Not specifying a port here DOES | |
| NOT prevent that port from being exposed. Any | |
| port which is listening on the default | |
| "0.0.0.0" address inside a container will be | |
| accessible from the network. Cannot be | |
| updated. | |
| items: | |
| description: >- | |
| ContainerPort represents a network port in a | |
| single container. | |
| properties: | |
| containerPort: | |
| description: >- | |
| Number of port to expose on the pod's IP | |
| address. This must be a valid port | |
| number, 0 < x < 65536. | |
| format: int32 | |
| type: integer | |
| hostIP: | |
| description: >- | |
| What host IP to bind the external port | |
| to. | |
| type: string | |
| hostPort: | |
| description: >- | |
| Number of port to expose on the host. If | |
| specified, this must be a valid port | |
| number, 0 < x < 65536. If HostNetwork is | |
| specified, this must match | |
| ContainerPort. Most containers do not | |
| need this. | |
| format: int32 | |
| type: integer | |
| name: | |
| description: >- | |
| If specified, this must be an | |
| IANA_SVC_NAME and unique within the pod. | |
| Each named port in a pod must have a | |
| unique name. Name for the port that can | |
| be referred to by services. | |
| type: string | |
| protocol: | |
| description: >- | |
| Protocol for port. Must be UDP, TCP, or | |
| SCTP. Defaults to "TCP". | |
| type: string | |
| required: | |
| - containerPort | |
| type: object | |
| type: array | |
| readinessProbe: | |
| description: >- | |
| Periodic probe of container service readiness. | |
| Container will be removed from service | |
| endpoints if the probe fails. Cannot be | |
| updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action to | |
| take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: >- | |
| Minimum consecutive failures for the probe | |
| to be considered failed after having | |
| succeeded. Defaults to 3. Minimum value is | |
| 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: >- | |
| Number of seconds after the container has | |
| started before liveness probes are | |
| initiated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: >- | |
| How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum | |
| value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: >- | |
| Minimum consecutive successes for the | |
| probe to be considered successful after | |
| having failed. Defaults to 1. Must be 1 | |
| for liveness. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving a | |
| TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP lifecycle | |
| hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: >- | |
| Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum | |
| value is 1. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| type: object | |
| resources: | |
| description: >- | |
| Compute Resources required by this container. | |
| Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| properties: | |
| limits: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| Limits describes the maximum amount of | |
| compute resources allowed. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| type: object | |
| requests: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| Requests describes the minimum amount of | |
| compute resources required. If Requests is | |
| omitted for a container, it defaults to | |
| Limits if that is explicitly specified, | |
| otherwise to an implementation-defined | |
| value. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| type: object | |
| type: object | |
| securityContext: | |
| description: >- | |
| Security options the pod should run with. More | |
| info: | |
| https://kubernetes.io/docs/concepts/policy/security-context/ | |
| More info: | |
| https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| properties: | |
| allowPrivilegeEscalation: | |
| description: >- | |
| AllowPrivilegeEscalation controls whether | |
| a process can gain more privileges than | |
| its parent process. This bool directly | |
| controls if the no_new_privs flag will be | |
| set on the container process. | |
| AllowPrivilegeEscalation is true always | |
| when the container is: 1) run as | |
| Privileged 2) has CAP_SYS_ADMIN | |
| type: boolean | |
| capabilities: | |
| description: >- | |
| The capabilities to add/drop when running | |
| containers. Defaults to the default set of | |
| capabilities granted by the container | |
| runtime. | |
| properties: | |
| add: | |
| description: Added capabilities | |
| items: | |
| description: >- | |
| Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| drop: | |
| description: Removed capabilities | |
| items: | |
| description: >- | |
| Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| type: object | |
| privileged: | |
| description: >- | |
| Run container in privileged mode. | |
| Processes in privileged containers are | |
| essentially equivalent to root on the | |
| host. Defaults to false. | |
| type: boolean | |
| procMount: | |
| description: >- | |
| procMount denotes the type of proc mount | |
| to use for the containers. The default is | |
| DefaultProcMount which uses the container | |
| runtime defaults for readonly paths and | |
| masked paths. This requires the | |
| ProcMountType feature flag to be enabled. | |
| type: string | |
| readOnlyRootFilesystem: | |
| description: >- | |
| Whether this container has a read-only | |
| root filesystem. Default is false. | |
| type: boolean | |
| runAsGroup: | |
| description: >- | |
| The GID to run the entrypoint of the | |
| container process. Uses runtime default if | |
| unset. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: >- | |
| Indicates that the container must run as a | |
| non-root user. If true, the Kubelet will | |
| validate the image at runtime to ensure | |
| that it does not run as UID 0 (root) and | |
| fail to start the container if it does. If | |
| unset or false, no such validation will be | |
| performed. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| type: boolean | |
| runAsUser: | |
| description: >- | |
| The UID to run the entrypoint of the | |
| container process. Defaults to user | |
| specified in image metadata if | |
| unspecified. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: >- | |
| The SELinux context to be applied to the | |
| container. If unspecified, the container | |
| runtime will allocate a random SELinux | |
| context for each container. May also be | |
| set in PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| properties: | |
| level: | |
| description: >- | |
| Level is SELinux level label that | |
| applies to the container. | |
| type: string | |
| role: | |
| description: >- | |
| Role is a SELinux role label that | |
| applies to the container. | |
| type: string | |
| type: | |
| description: >- | |
| Type is a SELinux type label that | |
| applies to the container. | |
| type: string | |
| user: | |
| description: >- | |
| User is a SELinux user label that | |
| applies to the container. | |
| type: string | |
| type: object | |
| type: object | |
| stdin: | |
| description: >- | |
| Whether this container should allocate a | |
| buffer for stdin in the container runtime. If | |
| this is not set, reads from stdin in the | |
| container will always result in EOF. Default | |
| is false. | |
| type: boolean | |
| stdinOnce: | |
| description: >- | |
| Whether the container runtime should close the | |
| stdin channel after it has been opened by a | |
| single attach. When stdin is true the stdin | |
| stream will remain open across multiple attach | |
| sessions. If stdinOnce is set to true, stdin | |
| is opened on container start, is empty until | |
| the first client attaches to stdin, and then | |
| remains open and accepts data until the client | |
| disconnects, at which time stdin is closed and | |
| remains closed until the container is | |
| restarted. If this flag is false, a container | |
| processes that reads from stdin will never | |
| receive an EOF. Default is false | |
| type: boolean | |
| terminationMessagePath: | |
| description: >- | |
| Optional: Path at which the file to which the | |
| container's termination message will be | |
| written is mounted into the container's | |
| filesystem. Message written is intended to be | |
| brief final status, such as an assertion | |
| failure message. Will be truncated by the node | |
| if greater than 4096 bytes. The total message | |
| length across all containers will be limited | |
| to 12kb. Defaults to /dev/termination-log. | |
| Cannot be updated. | |
| type: string | |
| terminationMessagePolicy: | |
| description: >- | |
| Indicate how the termination message should be | |
| populated. File will use the contents of | |
| terminationMessagePath to populate the | |
| container status message on both success and | |
| failure. FallbackToLogsOnError will use the | |
| last chunk of container log output if the | |
| termination message file is empty and the | |
| container exited with an error. The log output | |
| is limited to 2048 bytes or 80 lines, | |
| whichever is smaller. Defaults to File. Cannot | |
| be updated. | |
| type: string | |
| tty: | |
| description: >- | |
| Whether this container should allocate a TTY | |
| for itself, also requires 'stdin' to be true. | |
| Default is false. | |
| type: boolean | |
| volumeDevices: | |
| description: >- | |
| volumeDevices is the list of block devices to | |
| be used by the container. This is a beta | |
| feature. | |
| items: | |
| description: >- | |
| volumeDevice describes a mapping of a raw | |
| block device within a container. | |
| properties: | |
| devicePath: | |
| description: >- | |
| devicePath is the path inside of the | |
| container that the device will be mapped | |
| to. | |
| type: string | |
| name: | |
| description: >- | |
| name must match the name of a | |
| persistentVolumeClaim in the pod | |
| type: string | |
| required: | |
| - devicePath | |
| - name | |
| type: object | |
| type: array | |
| volumeMounts: | |
| description: >- | |
| Pod volumes to mount into the container's | |
| filesystem. Cannot be updated. | |
| items: | |
| description: >- | |
| VolumeMount describes a mounting of a Volume | |
| within a container. | |
| properties: | |
| mountPath: | |
| description: >- | |
| Path within the container at which the | |
| volume should be mounted. Must not | |
| contain ':'. | |
| type: string | |
| mountPropagation: | |
| description: >- | |
| mountPropagation determines how mounts | |
| are propagated from the host to | |
| container and the other way around. When | |
| not set, MountPropagationNone is used. | |
| This field is beta in 1.10. | |
| type: string | |
| name: | |
| description: This must match the Name of a Volume. | |
| type: string | |
| readOnly: | |
| description: >- | |
| Mounted read-only if true, read-write | |
| otherwise (false or unspecified). | |
| Defaults to false. | |
| type: boolean | |
| subPath: | |
| description: >- | |
| Path within the volume from which the | |
| container's volume should be mounted. | |
| Defaults to "" (volume's root). | |
| type: string | |
| subPathExpr: | |
| description: >- | |
| Expanded path within the volume from | |
| which the container's volume should be | |
| mounted. Behaves similarly to SubPath | |
| but environment variable references | |
| $(VAR_NAME) are expanded using the | |
| container's environment. Defaults to "" | |
| (volume's root). SubPathExpr and SubPath | |
| are mutually exclusive. This field is | |
| alpha in 1.14. | |
| type: string | |
| required: | |
| - mountPath | |
| - name | |
| type: object | |
| type: array | |
| workingDir: | |
| description: >- | |
| Container's working directory. If not | |
| specified, the container runtime's default | |
| will be used, which might be configured in the | |
| container image. Cannot be updated. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| dnsConfig: | |
| description: >- | |
| Specifies the DNS parameters of a pod. Parameters | |
| specified here will be merged to the generated DNS | |
| configuration based on DNSPolicy. | |
| properties: | |
| nameservers: | |
| description: >- | |
| A list of DNS name server IP addresses. This | |
| will be appended to the base nameservers | |
| generated from DNSPolicy. Duplicated nameservers | |
| will be removed. | |
| items: | |
| type: string | |
| type: array | |
| options: | |
| description: >- | |
| A list of DNS resolver options. This will be | |
| merged with the base options generated from | |
| DNSPolicy. Duplicated entries will be removed. | |
| Resolution options given in Options will | |
| override those that appear in the base | |
| DNSPolicy. | |
| items: | |
| description: >- | |
| PodDNSConfigOption defines DNS resolver | |
| options of a pod. | |
| properties: | |
| name: | |
| description: Required. | |
| type: string | |
| value: | |
| type: string | |
| type: object | |
| type: array | |
| searches: | |
| description: >- | |
| A list of DNS search domains for host-name | |
| lookup. This will be appended to the base search | |
| paths generated from DNSPolicy. Duplicated | |
| search paths will be removed. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| dnsPolicy: | |
| description: >- | |
| Set DNS policy for the pod. Defaults to | |
| "ClusterFirst". Valid values are | |
| 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' | |
| or 'None'. DNS parameters given in DNSConfig will be | |
| merged with the policy selected with DNSPolicy. To | |
| have DNS options set along with hostNetwork, you | |
| have to specify DNS policy explicitly to | |
| 'ClusterFirstWithHostNet'. | |
| type: string | |
| enableServiceLinks: | |
| description: >- | |
| EnableServiceLinks indicates whether information | |
| about services should be injected into pod's | |
| environment variables, matching the syntax of Docker | |
| links. Optional: Defaults to true. | |
| type: boolean | |
| hostAliases: | |
| description: >- | |
| HostAliases is an optional list of hosts and IPs | |
| that will be injected into the pod's hosts file if | |
| specified. This is only valid for non-hostNetwork | |
| pods. | |
| items: | |
| description: >- | |
| HostAlias holds the mapping between IP and | |
| hostnames that will be injected as an entry in the | |
| pod's hosts file. | |
| properties: | |
| hostnames: | |
| description: Hostnames for the above IP address. | |
| items: | |
| type: string | |
| type: array | |
| ip: | |
| description: IP address of the host file entry. | |
| type: string | |
| type: object | |
| type: array | |
| hostIPC: | |
| description: >- | |
| Use the host's ipc namespace. Optional: Default to | |
| false. | |
| type: boolean | |
| hostNetwork: | |
| description: >- | |
| Host networking requested for this pod. Use the | |
| host's network namespace. If this option is set, the | |
| ports that will be used must be specified. Default | |
| to false. | |
| type: boolean | |
| hostPID: | |
| description: >- | |
| Use the host's pid namespace. Optional: Default to | |
| false. | |
| type: boolean | |
| hostname: | |
| description: >- | |
| Specifies the hostname of the Pod If not specified, | |
| the pod's hostname will be set to a system-defined | |
| value. | |
| type: string | |
| imagePullSecrets: | |
| description: >- | |
| ImagePullSecrets is an optional list of references | |
| to secrets in the same namespace to use for pulling | |
| any of the images used by this PodSpec. If | |
| specified, these secrets will be passed to | |
| individual puller implementations for them to use. | |
| For example, in the case of docker, only | |
| DockerConfig type secrets are honored. More info: | |
| https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod | |
| items: | |
| description: >- | |
| LocalObjectReference contains enough information | |
| to let you locate the referenced object inside the | |
| same namespace. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid? | |
| type: string | |
| type: object | |
| type: array | |
| initContainers: | |
| description: >- | |
| List of initialization containers belonging to the | |
| pod. Init containers are executed in order prior to | |
| containers being started. If any init container | |
| fails, the pod is considered to have failed and is | |
| handled according to its restartPolicy. The name for | |
| an init container or normal container must be unique | |
| among all containers. Init containers may not have | |
| Lifecycle actions, Readiness probes, or Liveness | |
| probes. The resourceRequirements of an init | |
| container are taken into account during scheduling | |
| by finding the highest request/limit for each | |
| resource type, and then using the max of of that | |
| value or the sum of the normal containers. Limits | |
| are applied to init containers in a similar fashion. | |
| Init containers cannot currently be added or | |
| removed. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | |
| items: | |
| description: >- | |
| A single application container that you want to | |
| run within a pod. | |
| properties: | |
| args: | |
| description: >- | |
| Arguments to the entrypoint. The docker | |
| image's CMD is used if this is not provided. | |
| Variable references $(VAR_NAME) are expanded | |
| using the container's environment. If a | |
| variable cannot be resolved, the reference in | |
| the input string will be unchanged. The | |
| $(VAR_NAME) syntax can be escaped with a | |
| double $$, ie: $$(VAR_NAME). Escaped | |
| references will never be expanded, regardless | |
| of whether the variable exists or not. Cannot | |
| be updated. More info: | |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | |
| items: | |
| type: string | |
| type: array | |
| command: | |
| description: >- | |
| Entrypoint array. Not executed within a shell. | |
| The docker image's ENTRYPOINT is used if this | |
| is not provided. Variable references | |
| $(VAR_NAME) are expanded using the container's | |
| environment. If a variable cannot be resolved, | |
| the reference in the input string will be | |
| unchanged. The $(VAR_NAME) syntax can be | |
| escaped with a double $$, ie: $$(VAR_NAME). | |
| Escaped references will never be expanded, | |
| regardless of whether the variable exists or | |
| not. Cannot be updated. More info: | |
| https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | |
| items: | |
| type: string | |
| type: array | |
| env: | |
| description: >- | |
| List of environment variables to set in the | |
| container. Cannot be updated. | |
| items: | |
| description: >- | |
| EnvVar represents an environment variable | |
| present in a Container. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the environment variable. Must | |
| be a C_IDENTIFIER. | |
| type: string | |
| value: | |
| description: >- | |
| Variable references $(VAR_NAME) are | |
| expanded using the previous defined | |
| environment variables in the container | |
| and any service environment variables. | |
| If a variable cannot be resolved, the | |
| reference in the input string will be | |
| unchanged. The $(VAR_NAME) syntax can be | |
| escaped with a double $$, ie: | |
| $$(VAR_NAME). Escaped references will | |
| never be expanded, regardless of whether | |
| the variable exists or not. Defaults to | |
| "". | |
| type: string | |
| valueFrom: | |
| description: >- | |
| Source for the environment variable's | |
| value. Cannot be used if value is not | |
| empty. | |
| properties: | |
| configMapKeyRef: | |
| description: Selects a key of a ConfigMap. | |
| properties: | |
| key: | |
| description: The key to select. | |
| type: string | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap or it's | |
| key must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| fieldRef: | |
| description: >- | |
| Selects a field of the pod: supports | |
| metadata.name, metadata.namespace, | |
| metadata.labels, metadata.annotations, | |
| spec.nodeName, spec.serviceAccountName, | |
| status.hostIP, status.podIP. | |
| properties: | |
| apiVersion: | |
| description: >- | |
| Version of the schema the FieldPath is | |
| written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: >- | |
| Path of the field to select in the | |
| specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| resourceFieldRef: | |
| description: >- | |
| Selects a resource of the container: | |
| only resources limits and requests | |
| (limits.cpu, limits.memory, | |
| limits.ephemeral-storage, requests.cpu, | |
| requests.memory and | |
| requests.ephemeral-storage) are | |
| currently supported. | |
| properties: | |
| containerName: | |
| description: >- | |
| Container name: required for volumes, | |
| optional for env vars | |
| type: string | |
| divisor: | |
| description: >- | |
| Specifies the output format of the | |
| exposed resources, defaults to "1" | |
| type: string | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| secretKeyRef: | |
| description: >- | |
| Selects a key of a secret in the pod's | |
| namespace | |
| properties: | |
| key: | |
| description: >- | |
| The key of the secret to select from. | |
| Must be a valid secret key. | |
| type: string | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the Secret or it's key | |
| must be defined | |
| type: boolean | |
| required: | |
| - key | |
| type: object | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| envFrom: | |
| description: >- | |
| List of sources to populate environment | |
| variables in the container. The keys defined | |
| within a source must be a C_IDENTIFIER. All | |
| invalid keys will be reported as an event when | |
| the container is starting. When a key exists | |
| in multiple sources, the value associated with | |
| the last source will take precedence. Values | |
| defined by an Env with a duplicate key will | |
| take precedence. Cannot be updated. | |
| items: | |
| description: >- | |
| EnvFromSource represents the source of a set | |
| of ConfigMaps | |
| properties: | |
| configMapRef: | |
| description: The ConfigMap to select from | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap must be | |
| defined | |
| type: boolean | |
| type: object | |
| prefix: | |
| description: >- | |
| An optional identifier to prepend to | |
| each key in the ConfigMap. Must be a | |
| C_IDENTIFIER. | |
| type: string | |
| secretRef: | |
| description: The Secret to select from | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the Secret must be | |
| defined | |
| type: boolean | |
| type: object | |
| type: object | |
| type: array | |
| image: | |
| description: >- | |
| Docker image name. More info: | |
| https://kubernetes.io/docs/concepts/containers/images | |
| This field is optional to allow higher level | |
| config management to default or override | |
| container images in workload controllers like | |
| Deployments and StatefulSets. | |
| type: string | |
| imagePullPolicy: | |
| description: >- | |
| Image pull policy. One of Always, Never, | |
| IfNotPresent. Defaults to Always if :latest | |
| tag is specified, or IfNotPresent otherwise. | |
| Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/containers/images#updating-images | |
| type: string | |
| lifecycle: | |
| description: >- | |
| Actions that the management system should take | |
| in response to container lifecycle events. | |
| Cannot be updated. | |
| properties: | |
| postStart: | |
| description: >- | |
| PostStart is called immediately after a | |
| container is created. If the handler | |
| fails, the container is terminated and | |
| restarted according to its restart policy. | |
| Other management of the container blocks | |
| until the hook completes. More info: | |
| https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP | |
| lifecycle hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| preStop: | |
| description: >- | |
| PreStop is called immediately before a | |
| container is terminated due to an API | |
| request or management event such as | |
| liveness probe failure, preemption, | |
| resource contention, etc. The handler is | |
| not called if the container crashes or | |
| exits. The reason for termination is | |
| passed to the handler. The Pod's | |
| termination grace period countdown begins | |
| before the PreStop hooked is executed. | |
| Regardless of the outcome of the handler, | |
| the container will eventually terminate | |
| within the Pod's termination grace period. | |
| Other management of the container blocks | |
| until the hook completes or until the | |
| termination grace period is reached. More | |
| info: | |
| https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action | |
| to take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving | |
| a TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP | |
| lifecycle hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| type: object | |
| type: object | |
| livenessProbe: | |
| description: >- | |
| Periodic probe of container liveness. | |
| Container will be restarted if the probe | |
| fails. Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action to | |
| take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: >- | |
| Minimum consecutive failures for the probe | |
| to be considered failed after having | |
| succeeded. Defaults to 3. Minimum value is | |
| 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: >- | |
| Number of seconds after the container has | |
| started before liveness probes are | |
| initiated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: >- | |
| How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum | |
| value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: >- | |
| Minimum consecutive successes for the | |
| probe to be considered successful after | |
| having failed. Defaults to 1. Must be 1 | |
| for liveness. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving a | |
| TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP lifecycle | |
| hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: >- | |
| Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum | |
| value is 1. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| type: object | |
| name: | |
| description: >- | |
| Name of the container specified as a | |
| DNS_LABEL. Each container in a pod must have a | |
| unique name (DNS_LABEL). Cannot be updated. | |
| type: string | |
| ports: | |
| description: >- | |
| List of ports to expose from the container. | |
| Exposing a port here gives the system | |
| additional information about the network | |
| connections a container uses, but is primarily | |
| informational. Not specifying a port here DOES | |
| NOT prevent that port from being exposed. Any | |
| port which is listening on the default | |
| "0.0.0.0" address inside a container will be | |
| accessible from the network. Cannot be | |
| updated. | |
| items: | |
| description: >- | |
| ContainerPort represents a network port in a | |
| single container. | |
| properties: | |
| containerPort: | |
| description: >- | |
| Number of port to expose on the pod's IP | |
| address. This must be a valid port | |
| number, 0 < x < 65536. | |
| format: int32 | |
| type: integer | |
| hostIP: | |
| description: >- | |
| What host IP to bind the external port | |
| to. | |
| type: string | |
| hostPort: | |
| description: >- | |
| Number of port to expose on the host. If | |
| specified, this must be a valid port | |
| number, 0 < x < 65536. If HostNetwork is | |
| specified, this must match | |
| ContainerPort. Most containers do not | |
| need this. | |
| format: int32 | |
| type: integer | |
| name: | |
| description: >- | |
| If specified, this must be an | |
| IANA_SVC_NAME and unique within the pod. | |
| Each named port in a pod must have a | |
| unique name. Name for the port that can | |
| be referred to by services. | |
| type: string | |
| protocol: | |
| description: >- | |
| Protocol for port. Must be UDP, TCP, or | |
| SCTP. Defaults to "TCP". | |
| type: string | |
| required: | |
| - containerPort | |
| type: object | |
| type: array | |
| readinessProbe: | |
| description: >- | |
| Periodic probe of container service readiness. | |
| Container will be removed from service | |
| endpoints if the probe fails. Cannot be | |
| updated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| properties: | |
| exec: | |
| description: >- | |
| One and only one of the following should | |
| be specified. Exec specifies the action to | |
| take. | |
| properties: | |
| command: | |
| description: >- | |
| Command is the command line to execute | |
| inside the container, the working | |
| directory for the command is root ('/') | |
| in the container's filesystem. The | |
| command is simply exec'd, it is not run | |
| inside a shell, so traditional shell | |
| instructions ('|', etc) won't work. To | |
| use a shell, you need to explicitly call | |
| out to that shell. Exit status of 0 is | |
| treated as live/healthy and non-zero is | |
| unhealthy. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| failureThreshold: | |
| description: >- | |
| Minimum consecutive failures for the probe | |
| to be considered failed after having | |
| succeeded. Defaults to 3. Minimum value is | |
| 1. | |
| format: int32 | |
| type: integer | |
| httpGet: | |
| description: >- | |
| HTTPGet specifies the http request to | |
| perform. | |
| properties: | |
| host: | |
| description: >- | |
| Host name to connect to, defaults to the | |
| pod IP. You probably want to set "Host" | |
| in httpHeaders instead. | |
| type: string | |
| httpHeaders: | |
| description: >- | |
| Custom headers to set in the request. | |
| HTTP allows repeated headers. | |
| items: | |
| description: >- | |
| HTTPHeader describes a custom header to | |
| be used in HTTP probes | |
| properties: | |
| name: | |
| description: The header field name | |
| type: string | |
| value: | |
| description: The header field value | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| path: | |
| description: Path to access on the HTTP server. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Name or number of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| scheme: | |
| description: >- | |
| Scheme to use for connecting to the | |
| host. Defaults to HTTP. | |
| type: string | |
| required: | |
| - port | |
| type: object | |
| initialDelaySeconds: | |
| description: >- | |
| Number of seconds after the container has | |
| started before liveness probes are | |
| initiated. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| periodSeconds: | |
| description: >- | |
| How often (in seconds) to perform the | |
| probe. Default to 10 seconds. Minimum | |
| value is 1. | |
| format: int32 | |
| type: integer | |
| successThreshold: | |
| description: >- | |
| Minimum consecutive successes for the | |
| probe to be considered successful after | |
| having failed. Defaults to 1. Must be 1 | |
| for liveness. Minimum value is 1. | |
| format: int32 | |
| type: integer | |
| tcpSocket: | |
| description: >- | |
| TCPSocket specifies an action involving a | |
| TCP port. TCP hooks not yet supported | |
| TODO: implement a realistic TCP lifecycle | |
| hook | |
| properties: | |
| host: | |
| description: >- | |
| Optional: Host name to connect to, | |
| defaults to the pod IP. | |
| type: string | |
| port: | |
| anyOf: | |
| - type: string | |
| - type: integer | |
| description: >- | |
| Number or name of the port to access on | |
| the container. Number must be in the | |
| range 1 to 65535. Name must be an | |
| IANA_SVC_NAME. | |
| required: | |
| - port | |
| type: object | |
| timeoutSeconds: | |
| description: >- | |
| Number of seconds after which the probe | |
| times out. Defaults to 1 second. Minimum | |
| value is 1. More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | |
| format: int32 | |
| type: integer | |
| type: object | |
| resources: | |
| description: >- | |
| Compute Resources required by this container. | |
| Cannot be updated. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| properties: | |
| limits: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| Limits describes the maximum amount of | |
| compute resources allowed. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| type: object | |
| requests: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| Requests describes the minimum amount of | |
| compute resources required. If Requests is | |
| omitted for a container, it defaults to | |
| Limits if that is explicitly specified, | |
| otherwise to an implementation-defined | |
| value. More info: | |
| https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
| type: object | |
| type: object | |
| securityContext: | |
| description: >- | |
| Security options the pod should run with. More | |
| info: | |
| https://kubernetes.io/docs/concepts/policy/security-context/ | |
| More info: | |
| https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
| properties: | |
| allowPrivilegeEscalation: | |
| description: >- | |
| AllowPrivilegeEscalation controls whether | |
| a process can gain more privileges than | |
| its parent process. This bool directly | |
| controls if the no_new_privs flag will be | |
| set on the container process. | |
| AllowPrivilegeEscalation is true always | |
| when the container is: 1) run as | |
| Privileged 2) has CAP_SYS_ADMIN | |
| type: boolean | |
| capabilities: | |
| description: >- | |
| The capabilities to add/drop when running | |
| containers. Defaults to the default set of | |
| capabilities granted by the container | |
| runtime. | |
| properties: | |
| add: | |
| description: Added capabilities | |
| items: | |
| description: >- | |
| Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| drop: | |
| description: Removed capabilities | |
| items: | |
| description: >- | |
| Capability represent POSIX capabilities | |
| type | |
| type: string | |
| type: array | |
| type: object | |
| privileged: | |
| description: >- | |
| Run container in privileged mode. | |
| Processes in privileged containers are | |
| essentially equivalent to root on the | |
| host. Defaults to false. | |
| type: boolean | |
| procMount: | |
| description: >- | |
| procMount denotes the type of proc mount | |
| to use for the containers. The default is | |
| DefaultProcMount which uses the container | |
| runtime defaults for readonly paths and | |
| masked paths. This requires the | |
| ProcMountType feature flag to be enabled. | |
| type: string | |
| readOnlyRootFilesystem: | |
| description: >- | |
| Whether this container has a read-only | |
| root filesystem. Default is false. | |
| type: boolean | |
| runAsGroup: | |
| description: >- | |
| The GID to run the entrypoint of the | |
| container process. Uses runtime default if | |
| unset. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: >- | |
| Indicates that the container must run as a | |
| non-root user. If true, the Kubelet will | |
| validate the image at runtime to ensure | |
| that it does not run as UID 0 (root) and | |
| fail to start the container if it does. If | |
| unset or false, no such validation will be | |
| performed. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| type: boolean | |
| runAsUser: | |
| description: >- | |
| The UID to run the entrypoint of the | |
| container process. Defaults to user | |
| specified in image metadata if | |
| unspecified. May also be set in | |
| PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: >- | |
| The SELinux context to be applied to the | |
| container. If unspecified, the container | |
| runtime will allocate a random SELinux | |
| context for each container. May also be | |
| set in PodSecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, | |
| the value specified in SecurityContext | |
| takes precedence. | |
| properties: | |
| level: | |
| description: >- | |
| Level is SELinux level label that | |
| applies to the container. | |
| type: string | |
| role: | |
| description: >- | |
| Role is a SELinux role label that | |
| applies to the container. | |
| type: string | |
| type: | |
| description: >- | |
| Type is a SELinux type label that | |
| applies to the container. | |
| type: string | |
| user: | |
| description: >- | |
| User is a SELinux user label that | |
| applies to the container. | |
| type: string | |
| type: object | |
| type: object | |
| stdin: | |
| description: >- | |
| Whether this container should allocate a | |
| buffer for stdin in the container runtime. If | |
| this is not set, reads from stdin in the | |
| container will always result in EOF. Default | |
| is false. | |
| type: boolean | |
| stdinOnce: | |
| description: >- | |
| Whether the container runtime should close the | |
| stdin channel after it has been opened by a | |
| single attach. When stdin is true the stdin | |
| stream will remain open across multiple attach | |
| sessions. If stdinOnce is set to true, stdin | |
| is opened on container start, is empty until | |
| the first client attaches to stdin, and then | |
| remains open and accepts data until the client | |
| disconnects, at which time stdin is closed and | |
| remains closed until the container is | |
| restarted. If this flag is false, a container | |
| processes that reads from stdin will never | |
| receive an EOF. Default is false | |
| type: boolean | |
| terminationMessagePath: | |
| description: >- | |
| Optional: Path at which the file to which the | |
| container's termination message will be | |
| written is mounted into the container's | |
| filesystem. Message written is intended to be | |
| brief final status, such as an assertion | |
| failure message. Will be truncated by the node | |
| if greater than 4096 bytes. The total message | |
| length across all containers will be limited | |
| to 12kb. Defaults to /dev/termination-log. | |
| Cannot be updated. | |
| type: string | |
| terminationMessagePolicy: | |
| description: >- | |
| Indicate how the termination message should be | |
| populated. File will use the contents of | |
| terminationMessagePath to populate the | |
| container status message on both success and | |
| failure. FallbackToLogsOnError will use the | |
| last chunk of container log output if the | |
| termination message file is empty and the | |
| container exited with an error. The log output | |
| is limited to 2048 bytes or 80 lines, | |
| whichever is smaller. Defaults to File. Cannot | |
| be updated. | |
| type: string | |
| tty: | |
| description: >- | |
| Whether this container should allocate a TTY | |
| for itself, also requires 'stdin' to be true. | |
| Default is false. | |
| type: boolean | |
| volumeDevices: | |
| description: >- | |
| volumeDevices is the list of block devices to | |
| be used by the container. This is a beta | |
| feature. | |
| items: | |
| description: >- | |
| volumeDevice describes a mapping of a raw | |
| block device within a container. | |
| properties: | |
| devicePath: | |
| description: >- | |
| devicePath is the path inside of the | |
| container that the device will be mapped | |
| to. | |
| type: string | |
| name: | |
| description: >- | |
| name must match the name of a | |
| persistentVolumeClaim in the pod | |
| type: string | |
| required: | |
| - devicePath | |
| - name | |
| type: object | |
| type: array | |
| volumeMounts: | |
| description: >- | |
| Pod volumes to mount into the container's | |
| filesystem. Cannot be updated. | |
| items: | |
| description: >- | |
| VolumeMount describes a mounting of a Volume | |
| within a container. | |
| properties: | |
| mountPath: | |
| description: >- | |
| Path within the container at which the | |
| volume should be mounted. Must not | |
| contain ':'. | |
| type: string | |
| mountPropagation: | |
| description: >- | |
| mountPropagation determines how mounts | |
| are propagated from the host to | |
| container and the other way around. When | |
| not set, MountPropagationNone is used. | |
| This field is beta in 1.10. | |
| type: string | |
| name: | |
| description: This must match the Name of a Volume. | |
| type: string | |
| readOnly: | |
| description: >- | |
| Mounted read-only if true, read-write | |
| otherwise (false or unspecified). | |
| Defaults to false. | |
| type: boolean | |
| subPath: | |
| description: >- | |
| Path within the volume from which the | |
| container's volume should be mounted. | |
| Defaults to "" (volume's root). | |
| type: string | |
| subPathExpr: | |
| description: >- | |
| Expanded path within the volume from | |
| which the container's volume should be | |
| mounted. Behaves similarly to SubPath | |
| but environment variable references | |
| $(VAR_NAME) are expanded using the | |
| container's environment. Defaults to "" | |
| (volume's root). SubPathExpr and SubPath | |
| are mutually exclusive. This field is | |
| alpha in 1.14. | |
| type: string | |
| required: | |
| - mountPath | |
| - name | |
| type: object | |
| type: array | |
| workingDir: | |
| description: >- | |
| Container's working directory. If not | |
| specified, the container runtime's default | |
| will be used, which might be configured in the | |
| container image. Cannot be updated. | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| nodeName: | |
| description: >- | |
| NodeName is a request to schedule this pod onto a | |
| specific node. If it is non-empty, the scheduler | |
| simply schedules this pod onto that node, assuming | |
| that it fits resource requirements. | |
| type: string | |
| nodeSelector: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| NodeSelector is a selector which must be true for | |
| the pod to fit on a node. Selector which must match | |
| a node's labels for the pod to be scheduled on that | |
| node. More info: | |
| https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | |
| type: object | |
| priority: | |
| description: >- | |
| The priority value. Various system components use | |
| this field to find the priority of the pod. When | |
| Priority Admission Controller is enabled, it | |
| prevents users from setting this field. The | |
| admission controller populates this field from | |
| PriorityClassName. The higher the value, the higher | |
| the priority. | |
| format: int32 | |
| type: integer | |
| priorityClassName: | |
| description: >- | |
| If specified, indicates the pod's priority. | |
| "system-node-critical" and "system-cluster-critical" | |
| are two special keywords which indicate the highest | |
| priorities with the former being the highest | |
| priority. Any other name must be defined by creating | |
| a PriorityClass object with that name. If not | |
| specified, the pod priority will be default or zero | |
| if there is no default. | |
| type: string | |
| readinessGates: | |
| description: >- | |
| If specified, all readiness gates will be evaluated | |
| for pod readiness. A pod is ready when all its | |
| containers are ready AND all conditions specified in | |
| the readiness gates have status equal to "True" More | |
| info: | |
| https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md | |
| items: | |
| description: >- | |
| PodReadinessGate contains the reference to a pod | |
| condition | |
| properties: | |
| conditionType: | |
| description: >- | |
| ConditionType refers to a condition in the | |
| pod's condition list with matching type. | |
| type: string | |
| required: | |
| - conditionType | |
| type: object | |
| type: array | |
| restartPolicy: | |
| description: >- | |
| Restart policy for all containers within the pod. | |
| One of Always, OnFailure, Never. Default to Always. | |
| More info: | |
| https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy | |
| type: string | |
| runtimeClassName: | |
| description: >- | |
| RuntimeClassName refers to a RuntimeClass object in | |
| the node.k8s.io group, which should be used to run | |
| this pod. If no RuntimeClass resource matches the | |
| named class, the pod will not be run. If unset or | |
| empty, the "legacy" RuntimeClass will be used, which | |
| is an implicit class with an empty definition that | |
| uses the default runtime handler. More info: | |
| https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md | |
| This is an alpha feature and may change in the | |
| future. | |
| type: string | |
| schedulerName: | |
| description: >- | |
| If specified, the pod will be dispatched by | |
| specified scheduler. If not specified, the pod will | |
| be dispatched by default scheduler. | |
| type: string | |
| securityContext: | |
| description: >- | |
| SecurityContext holds pod-level security attributes | |
| and common container settings. Optional: Defaults to | |
| empty. See type description for default values of | |
| each field. | |
| properties: | |
| fsGroup: | |
| description: >- | |
| A special supplemental group that applies to all | |
| containers in a pod. Some volume types allow the | |
| Kubelet to change the ownership of that volume | |
| to be owned by the pod: | |
| 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- | |
| If unset, the Kubelet will not modify the ownership and permissions of any volume. | |
| format: int64 | |
| type: integer | |
| runAsGroup: | |
| description: >- | |
| The GID to run the entrypoint of the container | |
| process. Uses runtime default if unset. May also | |
| be set in SecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, the | |
| value specified in SecurityContext takes | |
| precedence for that container. | |
| format: int64 | |
| type: integer | |
| runAsNonRoot: | |
| description: >- | |
| Indicates that the container must run as a | |
| non-root user. If true, the Kubelet will | |
| validate the image at runtime to ensure that it | |
| does not run as UID 0 (root) and fail to start | |
| the container if it does. If unset or false, no | |
| such validation will be performed. May also be | |
| set in SecurityContext. If set in both | |
| SecurityContext and PodSecurityContext, the | |
| value specified in SecurityContext takes | |
| precedence. | |
| type: boolean | |
| runAsUser: | |
| description: >- | |
| The UID to run the entrypoint of the container | |
| process. Defaults to user specified in image | |
| metadata if unspecified. May also be set in | |
| SecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in | |
| SecurityContext takes precedence for that | |
| container. | |
| format: int64 | |
| type: integer | |
| seLinuxOptions: | |
| description: >- | |
| The SELinux context to be applied to all | |
| containers. If unspecified, the container | |
| runtime will allocate a random SELinux context | |
| for each container. May also be set in | |
| SecurityContext. If set in both SecurityContext | |
| and PodSecurityContext, the value specified in | |
| SecurityContext takes precedence for that | |
| container. | |
| properties: | |
| level: | |
| description: >- | |
| Level is SELinux level label that applies to | |
| the container. | |
| type: string | |
| role: | |
| description: >- | |
| Role is a SELinux role label that applies to | |
| the container. | |
| type: string | |
| type: | |
| description: >- | |
| Type is a SELinux type label that applies to | |
| the container. | |
| type: string | |
| user: | |
| description: >- | |
| User is a SELinux user label that applies to | |
| the container. | |
| type: string | |
| type: object | |
| supplementalGroups: | |
| description: >- | |
| A list of groups applied to the first process | |
| run in each container, in addition to the | |
| container's primary GID. If unspecified, no | |
| groups will be added to any container. | |
| items: | |
| format: int64 | |
| type: integer | |
| type: array | |
| sysctls: | |
| description: >- | |
| Sysctls hold a list of namespaced sysctls used | |
| for the pod. Pods with unsupported sysctls (by | |
| the container runtime) might fail to launch. | |
| items: | |
| description: Sysctl defines a kernel parameter to be set | |
| properties: | |
| name: | |
| description: Name of a property to set | |
| type: string | |
| value: | |
| description: Value of a property to set | |
| type: string | |
| required: | |
| - name | |
| - value | |
| type: object | |
| type: array | |
| type: object | |
| serviceAccount: | |
| description: >- | |
| DeprecatedServiceAccount is a depreciated alias for | |
| ServiceAccountName. Deprecated: Use | |
| serviceAccountName instead. | |
| type: string | |
| serviceAccountName: | |
| description: >- | |
| ServiceAccountName is the name of the ServiceAccount | |
| to use to run this pod. More info: | |
| https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | |
| type: string | |
| shareProcessNamespace: | |
| description: >- | |
| Share a single process namespace between all of the | |
| containers in a pod. When this is set containers | |
| will be able to view and signal processes from other | |
| containers in the same pod, and the first process in | |
| each container will not be assigned PID 1. HostPID | |
| and ShareProcessNamespace cannot both be set. | |
| Optional: Default to false. This field is beta-level | |
| and may be disabled with the | |
| PodShareProcessNamespace feature. | |
| type: boolean | |
| subdomain: | |
| description: >- | |
| If specified, the fully qualified Pod hostname will | |
| be "<hostname>.<subdomain>.<pod | |
| namespace>.svc.<cluster domain>". If not specified, | |
| the pod will not have a domainname at all. | |
| type: string | |
| terminationGracePeriodSeconds: | |
| description: >- | |
| Optional duration in seconds the pod needs to | |
| terminate gracefully. May be decreased in delete | |
| request. Value must be non-negative integer. The | |
| value zero indicates delete immediately. If this | |
| value is nil, the default grace period will be used | |
| instead. The grace period is the duration in seconds | |
| after the processes running in the pod are sent a | |
| termination signal and the time when the processes | |
| are forcibly halted with a kill signal. Set this | |
| value longer than the expected cleanup time for your | |
| process. Defaults to 30 seconds. | |
| format: int64 | |
| type: integer | |
| tolerations: | |
| description: 'If specified, the pod''s tolerations.' | |
| items: | |
| description: >- | |
| The pod this Toleration is attached to tolerates | |
| any taint that matches the triple | |
| <key,value,effect> using the matching operator | |
| <operator>. | |
| properties: | |
| effect: | |
| description: >- | |
| Effect indicates the taint effect to match. | |
| Empty means match all taint effects. When | |
| specified, allowed values are NoSchedule, | |
| PreferNoSchedule and NoExecute. | |
| type: string | |
| key: | |
| description: >- | |
| Key is the taint key that the toleration | |
| applies to. Empty means match all taint keys. | |
| If the key is empty, operator must be Exists; | |
| this combination means to match all values and | |
| all keys. | |
| type: string | |
| operator: | |
| description: >- | |
| Operator represents a key's relationship to | |
| the value. Valid operators are Exists and | |
| Equal. Defaults to Equal. Exists is equivalent | |
| to wildcard for value, so that a pod can | |
| tolerate all taints of a particular category. | |
| type: string | |
| tolerationSeconds: | |
| description: >- | |
| TolerationSeconds represents the period of | |
| time the toleration (which must be of effect | |
| NoExecute, otherwise this field is ignored) | |
| tolerates the taint. By default, it is not | |
| set, which means tolerate the taint forever | |
| (do not evict). Zero and negative values will | |
| be treated as 0 (evict immediately) by the | |
| system. | |
| format: int64 | |
| type: integer | |
| value: | |
| description: >- | |
| Value is the taint value the toleration | |
| matches to. If the operator is Exists, the | |
| value should be empty, otherwise just a | |
| regular string. | |
| type: string | |
| type: object | |
| type: array | |
| volumes: | |
| description: >- | |
| List of volumes that can be mounted by containers | |
| belonging to the pod. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes | |
| items: | |
| description: >- | |
| Volume represents a named volume in a pod that may | |
| be accessed by any container in the pod. | |
| properties: | |
| awsElasticBlockStore: | |
| description: >- | |
| AWSElasticBlockStore represents an AWS Disk | |
| resource that is attached to a kubelet's host | |
| machine and then exposed to the pod. More | |
| info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the | |
| filesystem type is supported by the host | |
| operating system. Examples: "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
| TODO: how do we prevent errors in the | |
| filesystem from compromising the machine | |
| type: string | |
| partition: | |
| description: >- | |
| The partition in the volume that you want | |
| to mount. If omitted, the default is to | |
| mount by volume name. Examples: For volume | |
| /dev/sda1, you specify the partition as | |
| "1". Similarly, the volume partition for | |
| /dev/sda is "0" (or you can leave the | |
| property empty). | |
| format: int32 | |
| type: integer | |
| readOnly: | |
| description: >- | |
| Specify "true" to force and set the | |
| ReadOnly property in VolumeMounts to | |
| "true". If omitted, the default is | |
| "false". More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
| type: boolean | |
| volumeID: | |
| description: >- | |
| Unique ID of the persistent disk resource | |
| in AWS (Amazon EBS volume). More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| azureDisk: | |
| description: >- | |
| AzureDisk represents an Azure Data Disk mount | |
| on the host and bind mount to the pod. | |
| properties: | |
| cachingMode: | |
| description: >- | |
| Host Caching mode: None, Read Only, Read | |
| Write. | |
| type: string | |
| diskName: | |
| description: >- | |
| The Name of the data disk in the blob | |
| storage | |
| type: string | |
| diskURI: | |
| description: The URI the data disk in the blob storage | |
| type: string | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. | |
| type: string | |
| kind: | |
| description: >- | |
| Expected values Shared: multiple blob | |
| disks per storage account Dedicated: | |
| single blob disk per storage account | |
| Managed: azure managed data disk (only in | |
| managed availability set). defaults to | |
| shared | |
| type: string | |
| readOnly: | |
| description: >- | |
| Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in | |
| VolumeMounts. | |
| type: boolean | |
| required: | |
| - diskName | |
| - diskURI | |
| type: object | |
| azureFile: | |
| description: >- | |
| AzureFile represents an Azure File Service | |
| mount on the host and bind mount to the pod. | |
| properties: | |
| readOnly: | |
| description: >- | |
| Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in | |
| VolumeMounts. | |
| type: boolean | |
| secretName: | |
| description: >- | |
| the name of secret that contains Azure | |
| Storage Account Name and Key | |
| type: string | |
| shareName: | |
| description: Share Name | |
| type: string | |
| required: | |
| - secretName | |
| - shareName | |
| type: object | |
| cephfs: | |
| description: >- | |
| CephFS represents a Ceph FS mount on the host | |
| that shares a pod's lifetime | |
| properties: | |
| monitors: | |
| description: >- | |
| Required: Monitors is a collection of Ceph | |
| monitors More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it | |
| items: | |
| type: string | |
| type: array | |
| path: | |
| description: >- | |
| Optional: Used as the mounted root, rather | |
| than the full Ceph tree, default is / | |
| type: string | |
| readOnly: | |
| description: >- | |
| Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it | |
| type: boolean | |
| secretFile: | |
| description: >- | |
| Optional: SecretFile is the path to key | |
| ring for User, default is | |
| /etc/ceph/user.secret More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it | |
| type: string | |
| secretRef: | |
| description: >- | |
| Optional: SecretRef is reference to the | |
| authentication secret for User, default is | |
| empty. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| user: | |
| description: >- | |
| Optional: User is the rados user name, | |
| default is admin More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it | |
| type: string | |
| required: | |
| - monitors | |
| type: object | |
| cinder: | |
| description: >- | |
| Cinder represents a cinder volume attached and | |
| mounted on kubelets host machine More info: | |
| https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Examples: "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. More info: | |
| https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md | |
| type: string | |
| readOnly: | |
| description: >- | |
| Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. More info: | |
| https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| Optional: points to a secret object | |
| containing parameters used to connect to | |
| OpenStack. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| volumeID: | |
| description: >- | |
| volume id used to identify the volume in | |
| cinder More info: | |
| https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| configMap: | |
| description: >- | |
| ConfigMap represents a configMap that should | |
| populate this volume | |
| properties: | |
| defaultMode: | |
| description: >- | |
| Optional: mode bits to use on created | |
| files by default. Must be a value between | |
| 0 and 0777. Defaults to 0644. Directories | |
| within the path are not affected by this | |
| setting. This might be in conflict with | |
| other options that affect the file mode, | |
| like fsGroup, and the result can be other | |
| mode bits set. | |
| format: int32 | |
| type: integer | |
| items: | |
| description: >- | |
| If unspecified, each key-value pair in the | |
| Data field of the referenced ConfigMap | |
| will be projected into the volume as a | |
| file whose name is the key and content is | |
| the value. If specified, the listed keys | |
| will be projected into the specified | |
| paths, and unlisted keys will not be | |
| present. If a key is specified which is | |
| not present in the ConfigMap, the volume | |
| setup will error unless it is marked | |
| optional. Paths must be relative and may | |
| not contain the '..' path or start with | |
| '..'. | |
| items: | |
| description: >- | |
| Maps a string key to a path within a | |
| volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| The relative path of the file to map the | |
| key to. May not be an absolute path. May | |
| not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. apiVersion, | |
| kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap or it's keys | |
| must be defined | |
| type: boolean | |
| type: object | |
| csi: | |
| description: >- | |
| CSI (Container Storage Interface) represents | |
| storage that is handled by an external CSI | |
| driver (Alpha feature). | |
| properties: | |
| driver: | |
| description: >- | |
| Driver is the name of the CSI driver that | |
| handles this volume. Consult with your | |
| admin for the correct name as registered | |
| in the cluster. | |
| type: string | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Ex. "ext4", | |
| "xfs", "ntfs". If not provided, the empty | |
| value is passed to the associated CSI | |
| driver which will determine the default | |
| filesystem to apply. | |
| type: string | |
| nodePublishSecretRef: | |
| description: >- | |
| NodePublishSecretRef is a reference to the | |
| secret object containing sensitive | |
| information to pass to the CSI driver to | |
| complete the CSI NodePublishVolume and | |
| NodeUnpublishVolume calls. This field is | |
| optional, and may be empty if no secret | |
| is required. If the secret object contains | |
| more than one secret, all secret | |
| references are passed. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| readOnly: | |
| description: >- | |
| Specifies a read-only configuration for | |
| the volume. Defaults to false | |
| (read/write). | |
| type: boolean | |
| volumeAttributes: | |
| additionalProperties: | |
| type: string | |
| description: >- | |
| VolumeAttributes stores driver-specific | |
| properties that are passed to the CSI | |
| driver. Consult your driver's | |
| documentation for supported values. | |
| type: object | |
| required: | |
| - driver | |
| type: object | |
| downwardAPI: | |
| description: >- | |
| DownwardAPI represents downward API about the | |
| pod that should populate this volume | |
| properties: | |
| defaultMode: | |
| description: >- | |
| Optional: mode bits to use on created | |
| files by default. Must be a value between | |
| 0 and 0777. Defaults to 0644. Directories | |
| within the path are not affected by this | |
| setting. This might be in conflict with | |
| other options that affect the file mode, | |
| like fsGroup, and the result can be other | |
| mode bits set. | |
| format: int32 | |
| type: integer | |
| items: | |
| description: >- | |
| Items is a list of downward API volume | |
| file | |
| items: | |
| description: >- | |
| DownwardAPIVolumeFile represents | |
| information to create the file | |
| containing the pod field | |
| properties: | |
| fieldRef: | |
| description: >- | |
| Required: Selects a field of the pod: | |
| only annotations, labels, name and | |
| namespace are supported. | |
| properties: | |
| apiVersion: | |
| description: >- | |
| Version of the schema the FieldPath is | |
| written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: >- | |
| Path of the field to select in the | |
| specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| Required: Path is the relative path | |
| name of the file to be created. Must not | |
| be absolute or contain the '..' path. | |
| Must be utf-8 encoded. The first item of | |
| the relative path must not start with | |
| '..' | |
| type: string | |
| resourceFieldRef: | |
| description: >- | |
| Selects a resource of the container: | |
| only resources limits and requests | |
| (limits.cpu, limits.memory, requests.cpu | |
| and requests.memory) are currently | |
| supported. | |
| properties: | |
| containerName: | |
| description: >- | |
| Container name: required for volumes, | |
| optional for env vars | |
| type: string | |
| divisor: | |
| description: >- | |
| Specifies the output format of the | |
| exposed resources, defaults to "1" | |
| type: string | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| required: | |
| - path | |
| type: object | |
| type: array | |
| type: object | |
| emptyDir: | |
| description: >- | |
| EmptyDir represents a temporary directory that | |
| shares a pod's lifetime. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#emptydir | |
| properties: | |
| medium: | |
| description: >- | |
| What type of storage medium should back | |
| this directory. The default is "" which | |
| means to use the node's default medium. | |
| Must be an empty string (default) or | |
| Memory. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#emptydir | |
| type: string | |
| sizeLimit: | |
| description: >- | |
| Total amount of local storage required for | |
| this EmptyDir volume. The size limit is | |
| also applicable for memory medium. The | |
| maximum usage on memory medium EmptyDir | |
| would be the minimum value between the | |
| SizeLimit specified here and the sum of | |
| memory limits of all containers in a pod. | |
| The default is nil which means that the | |
| limit is undefined. More info: | |
| http://kubernetes.io/docs/user-guide/volumes#emptydir | |
| type: string | |
| type: object | |
| fc: | |
| description: >- | |
| FC represents a Fibre Channel resource that is | |
| attached to a kubelet's host machine and then | |
| exposed to the pod. | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. TODO: how do we prevent | |
| errors in the filesystem from compromising | |
| the machine | |
| type: string | |
| lun: | |
| description: 'Optional: FC target lun number' | |
| format: int32 | |
| type: integer | |
| readOnly: | |
| description: >- | |
| Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. | |
| type: boolean | |
| targetWWNs: | |
| description: 'Optional: FC target worldwide names (WWNs)' | |
| items: | |
| type: string | |
| type: array | |
| wwids: | |
| description: >- | |
| Optional: FC volume world wide identifiers | |
| (wwids) Either wwids or combination of | |
| targetWWNs and lun must be set, but not | |
| both simultaneously. | |
| items: | |
| type: string | |
| type: array | |
| type: object | |
| flexVolume: | |
| description: >- | |
| FlexVolume represents a generic volume | |
| resource that is provisioned/attached using an | |
| exec based plugin. | |
| properties: | |
| driver: | |
| description: >- | |
| Driver is the name of the driver to use | |
| for this volume. | |
| type: string | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". The default filesystem depends on | |
| FlexVolume script. | |
| type: string | |
| options: | |
| additionalProperties: | |
| type: string | |
| description: 'Optional: Extra command options if any.' | |
| type: object | |
| readOnly: | |
| description: >- | |
| Optional: Defaults to false (read/write). | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| Optional: SecretRef is reference to the | |
| secret object containing sensitive | |
| information to pass to the plugin scripts. | |
| This may be empty if no secret object is | |
| specified. If the secret object contains | |
| more than one secret, all secrets are | |
| passed to the plugin scripts. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| required: | |
| - driver | |
| type: object | |
| flocker: | |
| description: >- | |
| Flocker represents a Flocker volume attached | |
| to a kubelet's host machine. This depends on | |
| the Flocker control service being running | |
| properties: | |
| datasetName: | |
| description: >- | |
| Name of the dataset stored as metadata -> | |
| name on the dataset for Flocker should be | |
| considered as deprecated | |
| type: string | |
| datasetUUID: | |
| description: >- | |
| UUID of the dataset. This is unique | |
| identifier of a Flocker dataset | |
| type: string | |
| type: object | |
| gcePersistentDisk: | |
| description: >- | |
| GCEPersistentDisk represents a GCE Disk | |
| resource that is attached to a kubelet's host | |
| machine and then exposed to the pod. More | |
| info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the | |
| filesystem type is supported by the host | |
| operating system. Examples: "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| TODO: how do we prevent errors in the | |
| filesystem from compromising the machine | |
| type: string | |
| partition: | |
| description: >- | |
| The partition in the volume that you want | |
| to mount. If omitted, the default is to | |
| mount by volume name. Examples: For volume | |
| /dev/sda1, you specify the partition as | |
| "1". Similarly, the volume partition for | |
| /dev/sda is "0" (or you can leave the | |
| property empty). More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| format: int32 | |
| type: integer | |
| pdName: | |
| description: >- | |
| Unique name of the PD resource in GCE. | |
| Used to identify the disk in GCE. More | |
| info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| type: string | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to | |
| false. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
| type: boolean | |
| required: | |
| - pdName | |
| type: object | |
| gitRepo: | |
| description: >- | |
| GitRepo represents a git repository at a | |
| particular revision. DEPRECATED: GitRepo is | |
| deprecated. To provision a container with a | |
| git repo, mount an EmptyDir into an | |
| InitContainer that clones the repo using git, | |
| then mount the EmptyDir into the Pod's | |
| container. | |
| properties: | |
| directory: | |
| description: >- | |
| Target directory name. Must not contain or | |
| start with '..'. If '.' is supplied, the | |
| volume directory will be the git | |
| repository. Otherwise, if specified, the | |
| volume will contain the git repository in | |
| the subdirectory with the given name. | |
| type: string | |
| repository: | |
| description: Repository URL | |
| type: string | |
| revision: | |
| description: Commit hash for the specified revision. | |
| type: string | |
| required: | |
| - repository | |
| type: object | |
| glusterfs: | |
| description: >- | |
| Glusterfs represents a Glusterfs mount on the | |
| host that shares a pod's lifetime. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md | |
| properties: | |
| endpoints: | |
| description: >- | |
| EndpointsName is the endpoint name that | |
| details Glusterfs topology. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod | |
| type: string | |
| path: | |
| description: >- | |
| Path is the Glusterfs volume path. More | |
| info: | |
| https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod | |
| type: string | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the Glusterfs | |
| volume to be mounted with read-only | |
| permissions. Defaults to false. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod | |
| type: boolean | |
| required: | |
| - endpoints | |
| - path | |
| type: object | |
| hostPath: | |
| description: >- | |
| HostPath represents a pre-existing file or | |
| directory on the host machine that is directly | |
| exposed to the container. This is generally | |
| used for system agents or other privileged | |
| things that are allowed to see the host | |
| machine. Most containers will NOT need this. | |
| More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#hostpath | |
| --- TODO(jonesdl) We need to restrict who can | |
| use host directory mounts and who can/can not | |
| mount host directories as read/write. | |
| properties: | |
| path: | |
| description: >- | |
| Path of the directory on the host. If the | |
| path is a symlink, it will follow the link | |
| to the real path. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#hostpath | |
| type: string | |
| type: | |
| description: >- | |
| Type for HostPath Volume Defaults to "" | |
| More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#hostpath | |
| type: string | |
| required: | |
| - path | |
| type: object | |
| iscsi: | |
| description: >- | |
| ISCSI represents an ISCSI Disk resource that | |
| is attached to a kubelet's host machine and | |
| then exposed to the pod. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md | |
| properties: | |
| chapAuthDiscovery: | |
| description: >- | |
| whether support iSCSI Discovery CHAP | |
| authentication | |
| type: boolean | |
| chapAuthSession: | |
| description: >- | |
| whether support iSCSI Session CHAP | |
| authentication | |
| type: boolean | |
| fsType: | |
| description: >- | |
| Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the | |
| filesystem type is supported by the host | |
| operating system. Examples: "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#iscsi | |
| TODO: how do we prevent errors in the | |
| filesystem from compromising the machine | |
| type: string | |
| initiatorName: | |
| description: >- | |
| Custom iSCSI Initiator Name. If | |
| initiatorName is specified with | |
| iscsiInterface simultaneously, new iSCSI | |
| interface <target portal>:<volume name> | |
| will be created for the connection. | |
| type: string | |
| iqn: | |
| description: Target iSCSI Qualified Name. | |
| type: string | |
| iscsiInterface: | |
| description: >- | |
| iSCSI Interface Name that uses an iSCSI | |
| transport. Defaults to 'default' (tcp). | |
| type: string | |
| lun: | |
| description: iSCSI Target Lun number. | |
| format: int32 | |
| type: integer | |
| portals: | |
| description: >- | |
| iSCSI Target Portal List. The portal is | |
| either an IP or ip_addr:port if the port | |
| is other than default (typically TCP ports | |
| 860 and 3260). | |
| items: | |
| type: string | |
| type: array | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to | |
| false. | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| CHAP Secret for iSCSI target and initiator | |
| authentication | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| targetPortal: | |
| description: >- | |
| iSCSI Target Portal. The Portal is either | |
| an IP or ip_addr:port if the port is other | |
| than default (typically TCP ports 860 and | |
| 3260). | |
| type: string | |
| required: | |
| - iqn | |
| - lun | |
| - targetPortal | |
| type: object | |
| name: | |
| description: >- | |
| Volume's name. Must be a DNS_LABEL and unique | |
| within the pod. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| type: string | |
| nfs: | |
| description: >- | |
| NFS represents an NFS mount on the host that | |
| shares a pod's lifetime More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs | |
| properties: | |
| path: | |
| description: >- | |
| Path that is exported by the NFS server. | |
| More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs | |
| type: string | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the NFS export to | |
| be mounted with read-only permissions. | |
| Defaults to false. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs | |
| type: boolean | |
| server: | |
| description: >- | |
| Server is the hostname or IP address of | |
| the NFS server. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#nfs | |
| type: string | |
| required: | |
| - path | |
| - server | |
| type: object | |
| persistentVolumeClaim: | |
| description: >- | |
| PersistentVolumeClaimVolumeSource represents a | |
| reference to a PersistentVolumeClaim in the | |
| same namespace. More info: | |
| https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | |
| properties: | |
| claimName: | |
| description: >- | |
| ClaimName is the name of a | |
| PersistentVolumeClaim in the same | |
| namespace as the pod using this volume. | |
| More info: | |
| https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims | |
| type: string | |
| readOnly: | |
| description: >- | |
| Will force the ReadOnly setting in | |
| VolumeMounts. Default false. | |
| type: boolean | |
| required: | |
| - claimName | |
| type: object | |
| photonPersistentDisk: | |
| description: >- | |
| PhotonPersistentDisk represents a | |
| PhotonController persistent disk attached and | |
| mounted on kubelets host machine | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. | |
| type: string | |
| pdID: | |
| description: >- | |
| ID that identifies Photon Controller | |
| persistent disk | |
| type: string | |
| required: | |
| - pdID | |
| type: object | |
| portworxVolume: | |
| description: >- | |
| PortworxVolume represents a portworx volume | |
| attached and mounted on kubelets host machine | |
| properties: | |
| fsType: | |
| description: >- | |
| FSType represents the filesystem type to | |
| mount Must be a filesystem type supported | |
| by the host operating system. Ex. "ext4", | |
| "xfs". Implicitly inferred to be "ext4" if | |
| unspecified. | |
| type: string | |
| readOnly: | |
| description: >- | |
| Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in | |
| VolumeMounts. | |
| type: boolean | |
| volumeID: | |
| description: >- | |
| VolumeID uniquely identifies a Portworx | |
| volume | |
| type: string | |
| required: | |
| - volumeID | |
| type: object | |
| projected: | |
| description: >- | |
| Items for all in one resources secrets, | |
| configmaps, and downward API | |
| properties: | |
| defaultMode: | |
| description: >- | |
| Mode bits to use on created files by | |
| default. Must be a value between 0 and | |
| 0777. Directories within the path are not | |
| affected by this setting. This might be in | |
| conflict with other options that affect | |
| the file mode, like fsGroup, and the | |
| result can be other mode bits set. | |
| format: int32 | |
| type: integer | |
| sources: | |
| description: list of volume projections | |
| items: | |
| description: >- | |
| Projection that may be projected along | |
| with other supported volume types | |
| properties: | |
| configMap: | |
| description: >- | |
| information about the configMap data to | |
| project | |
| properties: | |
| items: | |
| description: >- | |
| If unspecified, each key-value pair in | |
| the Data field of the referenced | |
| ConfigMap will be projected into the | |
| volume as a file whose name is the key | |
| and content is the value. If specified, | |
| the listed keys will be projected into | |
| the specified paths, and unlisted keys | |
| will not be present. If a key is | |
| specified which is not present in the | |
| ConfigMap, the volume setup will error | |
| unless it is marked optional. Paths must | |
| be relative and may not contain the '..' | |
| path or start with '..'. | |
| items: | |
| description: >- | |
| Maps a string key to a path within a | |
| volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| The relative path of the file to map the | |
| key to. May not be an absolute path. May | |
| not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the ConfigMap or it's | |
| keys must be defined | |
| type: boolean | |
| type: object | |
| downwardAPI: | |
| description: >- | |
| information about the downwardAPI data | |
| to project | |
| properties: | |
| items: | |
| description: >- | |
| Items is a list of DownwardAPIVolume | |
| file | |
| items: | |
| description: >- | |
| DownwardAPIVolumeFile represents | |
| information to create the file | |
| containing the pod field | |
| properties: | |
| fieldRef: | |
| description: >- | |
| Required: Selects a field of the pod: | |
| only annotations, labels, name and | |
| namespace are supported. | |
| properties: | |
| apiVersion: | |
| description: >- | |
| Version of the schema the FieldPath is | |
| written in terms of, defaults to "v1". | |
| type: string | |
| fieldPath: | |
| description: >- | |
| Path of the field to select in the | |
| specified API version. | |
| type: string | |
| required: | |
| - fieldPath | |
| type: object | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| Required: Path is the relative path | |
| name of the file to be created. Must not | |
| be absolute or contain the '..' path. | |
| Must be utf-8 encoded. The first item of | |
| the relative path must not start with | |
| '..' | |
| type: string | |
| resourceFieldRef: | |
| description: >- | |
| Selects a resource of the container: | |
| only resources limits and requests | |
| (limits.cpu, limits.memory, requests.cpu | |
| and requests.memory) are currently | |
| supported. | |
| properties: | |
| containerName: | |
| description: >- | |
| Container name: required for volumes, | |
| optional for env vars | |
| type: string | |
| divisor: | |
| description: >- | |
| Specifies the output format of the | |
| exposed resources, defaults to "1" | |
| type: string | |
| resource: | |
| description: 'Required: resource to select' | |
| type: string | |
| required: | |
| - resource | |
| type: object | |
| required: | |
| - path | |
| type: object | |
| type: array | |
| type: object | |
| secret: | |
| description: >- | |
| information about the secret data to | |
| project | |
| properties: | |
| items: | |
| description: >- | |
| If unspecified, each key-value pair in | |
| the Data field of the referenced Secret | |
| will be projected into the volume as a | |
| file whose name is the key and content | |
| is the value. If specified, the listed | |
| keys will be projected into the | |
| specified paths, and unlisted keys will | |
| not be present. If a key is specified | |
| which is not present in the Secret, the | |
| volume setup will error unless it is | |
| marked optional. Paths must be relative | |
| and may not contain the '..' path or | |
| start with '..'. | |
| items: | |
| description: >- | |
| Maps a string key to a path within a | |
| volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| The relative path of the file to map the | |
| key to. May not be an absolute path. May | |
| not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| optional: | |
| description: >- | |
| Specify whether the Secret or its key | |
| must be defined | |
| type: boolean | |
| type: object | |
| serviceAccountToken: | |
| description: >- | |
| information about the | |
| serviceAccountToken data to project | |
| properties: | |
| audience: | |
| description: >- | |
| Audience is the intended audience of the | |
| token. A recipient of a token must | |
| identify itself with an identifier | |
| specified in the audience of the token, | |
| and otherwise should reject the token. | |
| The audience defaults to the identifier | |
| of the apiserver. | |
| type: string | |
| expirationSeconds: | |
| description: >- | |
| ExpirationSeconds is the requested | |
| duration of validity of the service | |
| account token. As the token approaches | |
| expiration, the kubelet volume plugin | |
| will proactively rotate the service | |
| account token. The kubelet will start | |
| trying to rotate the token if the token | |
| is older than 80 percent of its time to | |
| live or if the token is older than 24 | |
| hours.Defaults to 1 hour and must be at | |
| least 10 minutes. | |
| format: int64 | |
| type: integer | |
| path: | |
| description: >- | |
| Path is the path relative to the mount | |
| point of the file to project the token | |
| into. | |
| type: string | |
| required: | |
| - path | |
| type: object | |
| type: object | |
| type: array | |
| required: | |
| - sources | |
| type: object | |
| quobyte: | |
| description: >- | |
| Quobyte represents a Quobyte mount on the host | |
| that shares a pod's lifetime | |
| properties: | |
| group: | |
| description: >- | |
| Group to map volume access to Default is | |
| no group | |
| type: string | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the Quobyte | |
| volume to be mounted with read-only | |
| permissions. Defaults to false. | |
| type: boolean | |
| registry: | |
| description: >- | |
| Registry represents a single or multiple | |
| Quobyte Registry services specified as a | |
| string as host:port pair (multiple entries | |
| are separated with commas) which acts as | |
| the central registry for volumes | |
| type: string | |
| tenant: | |
| description: >- | |
| Tenant owning the given Quobyte volume in | |
| the Backend Used with dynamically | |
| provisioned Quobyte volumes, value is set | |
| by the plugin | |
| type: string | |
| user: | |
| description: >- | |
| User to map volume access to Defaults to | |
| serivceaccount user | |
| type: string | |
| volume: | |
| description: >- | |
| Volume is a string that references an | |
| already created Quobyte volume by name. | |
| type: string | |
| required: | |
| - registry | |
| - volume | |
| type: object | |
| rbd: | |
| description: >- | |
| RBD represents a Rados Block Device mount on | |
| the host that shares a pod's lifetime. More | |
| info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type of the volume that you | |
| want to mount. Tip: Ensure that the | |
| filesystem type is supported by the host | |
| operating system. Examples: "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#rbd | |
| TODO: how do we prevent errors in the | |
| filesystem from compromising the machine | |
| type: string | |
| image: | |
| description: >- | |
| The rados image name. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| type: string | |
| keyring: | |
| description: >- | |
| Keyring is the path to key ring for | |
| RBDUser. Default is /etc/ceph/keyring. | |
| More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| type: string | |
| monitors: | |
| description: >- | |
| A collection of Ceph monitors. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| items: | |
| type: string | |
| type: array | |
| pool: | |
| description: >- | |
| The rados pool name. Default is rbd. More | |
| info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| type: string | |
| readOnly: | |
| description: >- | |
| ReadOnly here will force the ReadOnly | |
| setting in VolumeMounts. Defaults to | |
| false. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| SecretRef is name of the authentication | |
| secret for RBDUser. If provided overrides | |
| keyring. Default is nil. More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| user: | |
| description: >- | |
| The rados user name. Default is admin. | |
| More info: | |
| https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it | |
| type: string | |
| required: | |
| - image | |
| - monitors | |
| type: object | |
| scaleIO: | |
| description: >- | |
| ScaleIO represents a ScaleIO persistent volume | |
| attached and mounted on Kubernetes nodes. | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Default is "xfs". | |
| type: string | |
| gateway: | |
| description: >- | |
| The host address of the ScaleIO API | |
| Gateway. | |
| type: string | |
| protectionDomain: | |
| description: >- | |
| The name of the ScaleIO Protection Domain | |
| for the configured storage. | |
| type: string | |
| readOnly: | |
| description: >- | |
| Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in | |
| VolumeMounts. | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| SecretRef references to the secret for | |
| ScaleIO user and other sensitive | |
| information. If this is not provided, | |
| Login operation will fail. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| sslEnabled: | |
| description: >- | |
| Flag to enable/disable SSL communication | |
| with Gateway, default false | |
| type: boolean | |
| storageMode: | |
| description: >- | |
| Indicates whether the storage for a volume | |
| should be ThickProvisioned or | |
| ThinProvisioned. Default is | |
| ThinProvisioned. | |
| type: string | |
| storagePool: | |
| description: >- | |
| The ScaleIO Storage Pool associated with | |
| the protection domain. | |
| type: string | |
| system: | |
| description: >- | |
| The name of the storage system as | |
| configured in ScaleIO. | |
| type: string | |
| volumeName: | |
| description: >- | |
| The name of a volume already created in | |
| the ScaleIO system that is associated with | |
| this volume source. | |
| type: string | |
| required: | |
| - gateway | |
| - secretRef | |
| - system | |
| type: object | |
| secret: | |
| description: >- | |
| Secret represents a secret that should | |
| populate this volume. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#secret | |
| properties: | |
| defaultMode: | |
| description: >- | |
| Optional: mode bits to use on created | |
| files by default. Must be a value between | |
| 0 and 0777. Defaults to 0644. Directories | |
| within the path are not affected by this | |
| setting. This might be in conflict with | |
| other options that affect the file mode, | |
| like fsGroup, and the result can be other | |
| mode bits set. | |
| format: int32 | |
| type: integer | |
| items: | |
| description: >- | |
| If unspecified, each key-value pair in the | |
| Data field of the referenced Secret will | |
| be projected into the volume as a file | |
| whose name is the key and content is the | |
| value. If specified, the listed keys will | |
| be projected into the specified paths, and | |
| unlisted keys will not be present. If a | |
| key is specified which is not present in | |
| the Secret, the volume setup will error | |
| unless it is marked optional. Paths must | |
| be relative and may not contain the '..' | |
| path or start with '..'. | |
| items: | |
| description: >- | |
| Maps a string key to a path within a | |
| volume. | |
| properties: | |
| key: | |
| description: The key to project. | |
| type: string | |
| mode: | |
| description: >- | |
| Optional: mode bits to use on this file, | |
| must be a value between 0 and 0777. If | |
| not specified, the volume defaultMode | |
| will be used. This might be in conflict | |
| with other options that affect the file | |
| mode, like fsGroup, and the result can | |
| be other mode bits set. | |
| format: int32 | |
| type: integer | |
| path: | |
| description: >- | |
| The relative path of the file to map the | |
| key to. May not be an absolute path. May | |
| not contain the path element '..'. May | |
| not start with the string '..'. | |
| type: string | |
| required: | |
| - key | |
| - path | |
| type: object | |
| type: array | |
| optional: | |
| description: >- | |
| Specify whether the Secret or it's keys | |
| must be defined | |
| type: boolean | |
| secretName: | |
| description: >- | |
| Name of the secret in the pod's namespace | |
| to use. More info: | |
| https://kubernetes.io/docs/concepts/storage/volumes#secret | |
| type: string | |
| type: object | |
| storageos: | |
| description: >- | |
| StorageOS represents a StorageOS volume | |
| attached and mounted on Kubernetes nodes. | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. | |
| type: string | |
| readOnly: | |
| description: >- | |
| Defaults to false (read/write). ReadOnly | |
| here will force the ReadOnly setting in | |
| VolumeMounts. | |
| type: boolean | |
| secretRef: | |
| description: >- | |
| SecretRef specifies the secret to use for | |
| obtaining the StorageOS API credentials. | |
| If not specified, default values will be | |
| attempted. | |
| properties: | |
| name: | |
| description: >- | |
| Name of the referent. More info: | |
| https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
| TODO: Add other useful fields. | |
| apiVersion, kind, uid? | |
| type: string | |
| type: object | |
| volumeName: | |
| description: >- | |
| VolumeName is the human-readable name of | |
| the StorageOS volume. Volume names are | |
| only unique within a namespace. | |
| type: string | |
| volumeNamespace: | |
| description: >- | |
| VolumeNamespace specifies the scope of the | |
| volume within StorageOS. If no namespace | |
| is specified then the Pod's namespace will | |
| be used. This allows the Kubernetes name | |
| scoping to be mirrored within StorageOS | |
| for tighter integration. Set VolumeName to | |
| any name to override the default | |
| behaviour. Set to "default" if you are not | |
| using namespaces within StorageOS. | |
| Namespaces that do not pre-exist within | |
| StorageOS will be created. | |
| type: string | |
| type: object | |
| vsphereVolume: | |
| description: >- | |
| VsphereVolume represents a vSphere volume | |
| attached and mounted on kubelets host machine | |
| properties: | |
| fsType: | |
| description: >- | |
| Filesystem type to mount. Must be a | |
| filesystem type supported by the host | |
| operating system. Ex. "ext4", "xfs", | |
| "ntfs". Implicitly inferred to be "ext4" | |
| if unspecified. | |
| type: string | |
| storagePolicyID: | |
| description: >- | |
| Storage Policy Based Management (SPBM) | |
| profile ID associated with the | |
| StoragePolicyName. | |
| type: string | |
| storagePolicyName: | |
| description: >- | |
| Storage Policy Based Management (SPBM) | |
| profile name. | |
| type: string | |
| volumePath: | |
| description: Path that identifies vSphere volume vmdk | |
| type: string | |
| required: | |
| - volumePath | |
| type: object | |
| required: | |
| - name | |
| type: object | |
| type: array | |
| required: | |
| - containers | |
| type: object | |
| type: object | |
| ttlSecondsAfterFinished: | |
| description: >- | |
| ttlSecondsAfterFinished limits the lifetime of a Job that | |
| has finished execution (either Complete or Failed). If this | |
| field is set, ttlSecondsAfterFinished after the Job | |
| finishes, it is eligible to be automatically deleted. When | |
| the Job is being deleted, its lifecycle guarantees (e.g. | |
| finalizers) will be honored. If this field is unset, the Job | |
| won't be automatically deleted. If this field is set to | |
| zero, the Job becomes eligible to be deleted immediately | |
| after it finishes. This field is alpha-level and is only | |
| honored by servers that enable the TTLAfterFinished feature. | |
| format: int32 | |
| type: integer | |
| required: | |
| - template | |
| type: object | |
| maxReplicaCount: | |
| format: int32 | |
| type: integer | |
| minReplicaCount: | |
| format: int32 | |
| type: integer | |
| pollingInterval: | |
| format: int32 | |
| type: integer | |
| scaleTargetRef: | |
| description: >- | |
| ObjectReference holds the a reference to the deployment this | |
| ScaledObject applies | |
| properties: | |
| containerName: | |
| type: string | |
| deploymentName: | |
| type: string | |
| required: | |
| - deploymentName | |
| type: object | |
| scaleType: | |
| description: >- | |
| ScaledObjectScaleType distinguish between Deployment based and | |
| K8s Jobs | |
| type: string | |
| triggers: | |
| items: | |
| description: ScaleTriggers reference the scaler that will be used | |
| properties: | |
| authenticationRef: | |
| description: >- | |
| ScaledObjectAuthRef points to the TriggerAuthentication | |
| object that is used to authenticate the scaler with the | |
| environment | |
| properties: | |
| name: | |
| type: string | |
| required: | |
| - name | |
| type: object | |
| metadata: | |
| additionalProperties: | |
| type: string | |
| type: object | |
| name: | |
| type: string | |
| type: | |
| type: string | |
| required: | |
| - metadata | |
| - type | |
| type: object | |
| type: array | |
| required: | |
| - triggers | |
| type: object | |
| status: | |
| description: ScaledObjectStatus is the status for a ScaledObject resource | |
| properties: | |
| currentReplicas: | |
| format: int32 | |
| type: integer | |
| desiredReplicas: | |
| format: int32 | |
| type: integer | |
| externalMetricNames: | |
| items: | |
| type: string | |
| type: array | |
| lastActiveTime: | |
| format: date-time | |
| type: string | |
| required: | |
| - currentReplicas | |
| - desiredReplicas | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| version: v1alpha1 | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: triggerauthentications.keda.k8s.io | |
| spec: | |
| group: keda.k8s.io | |
| names: | |
| kind: TriggerAuthentication | |
| listKind: TriggerAuthenticationList | |
| plural: triggerauthentications | |
| singular: triggerauthentication | |
| scope: Namespaced | |
| validation: | |
| openAPIV3Schema: | |
| description: TriggerAuthentication defines how a trigger can authenticate | |
| properties: | |
| apiVersion: | |
| description: >- | |
| APIVersion defines the versioned schema of this representation of an | |
| object. Servers should convert recognized schemas to the latest | |
| internal value, and may reject unrecognized values. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#resources | |
| type: string | |
| kind: | |
| description: >- | |
| Kind is a string value representing the REST resource this object | |
| represents. Servers may infer this from the endpoint the client | |
| submits requests to. Cannot be updated. In CamelCase. More info: | |
| https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds | |
| type: string | |
| metadata: | |
| type: object | |
| spec: | |
| description: TriggerAuthenticationSpec defines the various ways to authenticate | |
| properties: | |
| env: | |
| items: | |
| description: >- | |
| AuthEnvironment is used to authenticate using environment | |
| variables in the destination deployment spec | |
| properties: | |
| containerName: | |
| type: string | |
| name: | |
| type: string | |
| parameter: | |
| type: string | |
| required: | |
| - name | |
| - parameter | |
| type: object | |
| type: array | |
| podIdentity: | |
| description: >- | |
| AuthPodIdentity allows users to select the platform native | |
| identity mechanism | |
| properties: | |
| provider: | |
| description: PodIdentityProvider contains the list of providers | |
| type: string | |
| required: | |
| - provider | |
| type: object | |
| secretTargetRef: | |
| items: | |
| description: >- | |
| AuthSecretTargetRef is used to authenticate using a reference | |
| to a secret | |
| properties: | |
| key: | |
| type: string | |
| name: | |
| type: string | |
| parameter: | |
| type: string | |
| required: | |
| - key | |
| - name | |
| - parameter | |
| type: object | |
| type: array | |
| type: object | |
| required: | |
| - spec | |
| type: object | |
| version: v1alpha1 | |
| versions: | |
| - name: v1alpha1 | |
| served: true | |
| storage: true | |
| --- | |
| apiVersion: operators.coreos.com/v1alpha1 | |
| kind: ClusterServiceVersion | |
| metadata: | |
| name: keda.v0.0.4 | |
| namespace: openshift-operators | |
| annotations: | |
| alm-examples: >- | |
| [{"apiVersion":"keda.k8s.io/v1alpha1","kind":"ScaledObject","metadata":{"name":"SCALED-OBJECT-NAME","labels":{"deploymentName":"DEPLOYMENT-NAME"}},"spec":{"scaleTargetRef":{"deploymentName":"DEPLOYMENT-NAME","containerName":"example-container"},"pollingInterval":30,"cooldownPeriod":300,"minReplicaCount":0,"maxReplicaCount":100,"triggers":null}},{"apiVersion":"keda.k8s.io/v1alpha1","kind":"TriggerAuthentication","metadata":{"name":"keda-trigger-auth-azure-queue-secret","namespace":"keda"},"spec":{"podIdentity":{"provider":"none | |
| | azure | gcp | | |
| spiffe"},"secretTargetRef":[{"parameter":"connectionString","name":"my-keda-secret-entity","key":"azure-storage-connectionstring"}],"env":[{"parameter":"region","name":"my-env-var","containerName":"my-container"}]}},{"apiVersion":"keda.k8s.io/v1alpha1","kind":"TriggerAuthentication","metadata":{"name":"example-triggerauthentication"},"spec":null},{"apiVersion":"keda.k8s.io/v1alpha1","kind":"ScaledObject","metadata":{"name":"example-scaledobject"},"spec":null}] | |
| categories: Cloud Provider | |
| certified: 'false' | |
| description: TODO - Keda Operator - TODO | |
| containerImage: '' | |
| support: '' | |
| capabilities: Basic Install | |
| repository: 'https://github.com/kedacore/keda' | |
| createdAt: 2019-10-30T00:00:00.000Z | |
| spec: | |
| displayName: Keda | |
| description: |+ | |
| TODO | |
| TODO | |
| maturity: alpha | |
| version: 0.0.4 | |
| replaces: '' | |
| minKubeVersion: '1.11.0' | |
| keywords: | |
| - keda | |
| - scaling | |
| - event | |
| maintainers: | |
| - name: Keda Community | |
| email: keda@keda.org | |
| provider: | |
| name: Keda Community | |
| labels: | |
| alm-owner-keda: keda | |
| operated-by: keda | |
| selector: | |
| matchLabels: | |
| alm-owner-keda: keda | |
| operated-by: keda | |
| links: | |
| - name: Keda Source Code | |
| url: 'https://github.com/kedacore/keda' | |
| - name: Slack Channel | |
| url: 'https://kubernetes.slack.com/messages/CKZJ36A5D' | |
| icon: | |
| - base64data: >- | |
| iVBORw0KGgoAAAANSUhEUgAAA7MAAAFxCAYAAAChof/5AAAACXBIWXMAAAsSAAALEgHS3X78AAAgAElEQVR4nOzdCXzdVZ3//8/ne+/N2nRvc8Mm+yqi5DaUUpDiwg5FKSgqiMoiYJaWtoBoiToiIm0TdRyZ32zqOCOMIyOLMn9HOrIIbaozzqAjCjLAkJukTWnTbDf3+/38H98UZStt0mY5597X84HiQpP3+Zzb9H7uOd9z1MwEAAAAAACfBMwWAAAAAMA3NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO/QzAIAAAAAvEMzCwAAAADwDs0sAAAAAMA7NLMAAAAAAO8kmTLszsKVm6pSuWTCpUKdOn36tlWrJHIgyphysdZ74qE107eKiLmar1DqjN0rD6f3P9Aqg66VqtBeg/1hFB1w8szeu5ZI6EAcYNIsWCrlpfZS6Ui+f89R03vbrpQhZgvYczSz2K2B/qH1/TJ0pEuVuneLvWWVzHjOgShjJtOUPVsiuaffhvz+fan6NyLyMQeSvCkXX9MYHz3av0ykZrVr5S3E1+DTD7dL5hHpN9HtarLdVHpEbLuKbDfT+O/bTOXZINCnAo1+F5aU/a7tSzO2OhAdGBPNzRIM5tt/Pihy3Ei+XvDkwNdF0tdRfWDP0cwCDjihqfNECe0u8/73pP5o6sz0lQ4EATAJzKRcxMpNZM4f92bYy/9uL/+XKLQd22ryA1Jbn+1UtadM9Heqw03uUyUlqccfuW32i8wffHPf5uz7ZISNrOz4XfGxk5Z3fO7R26s7mWxgz9DMApPsxKb2o8JI7jORCq/nQnXD7BJd8uAqyTuQBoAXbK6ZzBWxhWY2vEe5v39Iahvaf6cm6yQI1pWVJtbR3MJ1F90tCRO5ZTQx4w9/BnNRo4jcxAQDe4ZmFphE8+u798uLPGgiM/2eB/19WYme8+Dt1b0OhAHgO5PDTOQwiaIr+vsjydS3P2Uq64IgWGeSWNe2ZnY7cwyX/OGxjotM7JhRRzK9Zn5995ceb525jQkFRo9mFpgkC5ZumzmkuQfFZH+/50A7VYIzHr19LtukAIwLEzlcTA6PwujKeD0rU9/+iKl8p6Ki4u6Hb522hapjMi1qlqRF0ao9iWBi0/KS+6SI3MYkAqPH1TzAJMg0S8Vg2HuvmB3td/11ezJpZ7e1zn3agTAAioKpiZwsJt/s6+trr63Pfr+2ofOCi5qlhPnHZNje3f5BMzlij7+1StOiZilj8oDRo5kFJlj8Ca50Z78nJgt8rr2KDiXUljyxuqbNgTgAipFJqYi9Tyz856c3t2drG9q/mWnsWjj8IwqYAJk7JRWZfnZvvpOZVfdszl7OfAGjRzMLTLBt3dk7zewc7+uucsX6lpofO5AEAGIzxORKi/IPZxraf5NpyF42/OEhMI70vzs+ImKHjsF3WB4fIsVcAaNDMwtMoExD+61i5v2nr6rBTW0t6b9zIAoAvEG85dPM/rZnc/apeY3tV7EFGePhrHopjdQ+MxZf2sQOevrhzg8wUcDo0MwCE6S2vqPRTG7wv976tbaW6lsdCAIAuxQ3CFEkf/F0d/szmcaO+gVL43twgbHRFbR/VMwOHKuvpxKtZIs8MDo0s8AEyDR2XCJiq72vter3z5uVbnAgCQCMnMm+FkUtg/nss/MasisWNXdNoXrYG/GBTRbJp8eyiCZ2bF19h/+PIQETiGYWGGeZ+s73SmR/G5/A6XOtVeThqTPTH161SiIH4gDAHrC5kdltPd3h7+sa2z9MBbGntnVnP24y9lfrhRoVwA4uYOLQzALjqK4xO88k+r6JpXyus4o+WV5Zcf5Dq2TAgTgAsFfi02PDSL6dqc8+NL8+6/kVaZho8fV6YnLTuHxbkwV1je2nMKnAyNDMAuPkhGWbDg9N7hcxr7ezqcoLQarkzIdvnbbFgTgAMGZM7NS8yH/UNmRvO315RyWVxUjY5o4rRWyf8SpWaHojEwGMDM0sMA4yTZtq8vn8g2I2x+v6qrykEpy5/o6ZzzuQBgDG3PDOGbMVmwej39Q1tb+PCmNX4uetVW18twKbnTGvvusdTASwezSzwBjL3LBlmkX5H4/lCYeTQmUwYbp4Q0v1f/MaAVDo4ucfw1C+X1uffWB+ffd+TDh2pqc7vDrepj7exTENeXYWGAGaWWAMDZ9u2D/4QzF7m9d1VY0C0w+vb03/uwNpAGAC2Zl5HfzlvKbsmVQdrza/vnuqiK2ciKKYyIXzG7oOYwKAXaOZBcbIRXdLoqe7/bti5v3BDSrauKE1/U8ORAGACWcms6NQ7s80Zr+0qFmSzABieR26Nn5tTEgxzIK85FdQeGDXaGaBMfL0I+1/biYX+F5PDfS2tpbqrzoQBQAmkalFtrJnc/u6umXdY34FC/xy8o1bZ4hE109kaBO5dOHKTeN20BRQCGhmgTGQacw2i8mVvtdSRb/VtjbNKYoA8DITOSkaGvxlpil7NjUpXv29/Z8yk5kTWgCTkoGB/LJirz2wKzSzwF7KNGavscg+63sdVeRBeWv6EzveuwEA/shEZlko986rz36ZbcfF54SbemaJyNLJGLiZXLlg6baJbaIBj9DMAnsh05hdYib+b8lV2Vg1K3lh25Uy5EAaAHCQaSS2vGdz9p4FS6WcGSoeYW9vg4lNm5wB25Rcvu+6oiw8MAI0s8Aeqm3qOM3Mvh0f0uBzDVX1mZQmzn5o1ZztDsQBAKeZ2NmDYftPdjxDiUJ30vKOuSLSOLnDtPrTl3dUFkG5gVGjmQX2QHyZuUb2AzEp9bp+ql1JSZzx+Nq5HQ6kAQA/mCzo6+t/hPtoC99gLmoys6rJHGi8zX3ToFxRJCUHRoVmFhilTH3nIabhj8xsqte1U+0NEnLO4y1zfudAGgDwi9nReR18NHP95iOZucJUt6IrbaKfcmFwqtGyzJ2SciAK4BSaWWAU5jd2VotGD5pZtc91U9V8IHLRhtXp9Q7EAQAvmckBkss9kmnsOIEZLDzRQHi9mDmxvddM9tP/7viIA1EAp9DMAiO0cOWmqnwUPmBmh/heMzW9akNL+gEHogCA14ZPOjb7t7qG9jOYycKxYOnmfUXtGpcGZBqtaG7mvTvwavyGAEbgomYp6R/I/8BEjve9Xqr62Q2t1X/tQBQAKAxmlaHIPXX12Xcyo4UhF+aWm7l1arWZHHHf5uz7HIgCOINmFtiN+FPQZ7qz8anF7/K9VhroN9pa0p93IAoAFBaT0kjlh3VNXW9nZv120vXtbxGTq1wcRKR2gwMxAGfQzAK78cPN2RYzu8j3OqnIPQeflHbiIAsAKETxwYBRGP6obmnnwUywvwaHdIWJlDk5AJPaeY2d73EgCeAEmllgF+Y1tH9axLy/rFxFHi1J1lxy1xIJHYgDAAXLxNJRGP3r8IGB8E78QYSJfcLl3GbRjQ7EAJxAMwu8idrGjisiky94Xx/V35QkK897bLX0O5AGAApefFBg3sIfza/v9vsKtyIUhuFKMSlxeeRmtogTtIEdaGaBncg0dS7WyL7hf230RdXSMx5bPbXbgTAAUDTM5B15zd1zVr2UMut+mN/QdZiaXu5FWFZngWE0s8Dr1C7tOlnC8B9MLOFzbVR0ayoIzmxbO+M5B+IAQNGJV9A6NfsdZt4PQxLeaGIpH8Ka6Xnz67NHOxAFmFQ0s8CrZJZ2HCth/ofOHvwwUio5Ubng8bVzf+VHYAAoTGZ2YaYxu4zpdduJTe1Hqcml/iQ2HVLhZGMUPZpZ4GXxUfyWtx+LyXS/a6KW0ODStpb0Qw6EAQBEcivPOLotFwU3+bYjS0U+OHyNEFDEkkw+IJK5vme2DMmDIraP7+UIAlu2fm36ew5EcZapdogJB7MUARPbXuw1GClV7TDbsxPPVSQwkSkiUhn/DpuUAThseOtqJN87+cat73j41mlbir0erhnelSV2iW+5zSw5kNPrRYRr91C0aGZR9E5f3lEpObvfRI7wvRYqeseGtek1DkRx2saW9KnFXgPgDbS0bmPLXj9jrwtXbpoykJMpiUCqLBxKhxIcoZEdISpHmNgRKnpQ/Ca8+CbA3tLf1/c3ItMWOxAGr2Kh3SRmXu5WVLWPn7S84/OP3l7d6UAcYMLRzKKoZe6UlAxG3zeROt/roCrfbWtJL3cgCoDiZY/cNrtHROJ/tYvIUyLys1dXIz7dtyuRPdEiOU3EFonpCb4curO3zOT82vqOxo2t1Wv9HknhqGvqeruYXOzrgMykPDcYNYjIpx2IA0w4nplFMVN5sv1vTOT0AqjBTw6eWXP58G42AHDYA60yuGFNel1bS/qzbS01J88q1RkSJM4QlTtF5aWCnzuNbqtrzM5zIAnie2Wj8Gbft8ab6LXcaYxiRTOLopVpyH7FTD7k+/hV5ZcpKX3/Xask50AcABiVB2+v7t24du6DG1tqrqq2mrQGepGo3quiQwVZSZOSKJLv0XxMvuEPFUze5/s4TGxaXnKfdCAKMOFoZlGUahuzy81sqfdjV31WgtTZj7fO3OZAGgDYK/Gqbdva9N0bW9LnVYjsq4F8RkU2F1pVTeygvAx+3oEoRS2MxPtV2VdpXNTs+bWCwB6gmUXRyTRkL5NIbvN93PEbvECTZ7Stmd3uQBwAGFM/a013ta2t+cKs0uAtGuj1qlpgP+v02vmNnW9zIEhROqGp80QRO69Qxm5i6Z7N2csdiAJMKJpZFJVMU/ZsEfl/vn8SqyJ9JsE5G9bO/q0DcQBg3MTbkNvWpu+Ya+mDVPQaES2IU1vjO03zFn7dgShFKYyimwtu3CrXX3S3eHVXLrC3aGZRNIY/hQ3tLt+vhFDRMJDgAxtbqx93IA4ATIjhLcit6W9MTZQdoap/LqqR75U3k4XzGto/4kCUolK7tOtkMzur0MZsZgc/82iHtyczA3uCZhZF4cSm9qPCKLzPRCp8H68F+sn1rdX3OhAFACbcQ2umv9TWkr5WxOpUdL3vM2Cit3MY1MTSMP+Zgh1cZDfs2MAFFAeaWRS8+fXd+w2F8qCZzPR9rIFq88a11X/pQBQAmFQbW2o2njsrfaJqUC8qg77OhplV53Xwcw5EKQq1TR2nmcl7CnWsJnZsbWPH2Q5EASYEzSwK2oKl22YOae5BE9nf93GqyF9uaEnf4kAUAHDCqlUStbVUfzWw5Iki+ntvZ8X0uszSjmMdSFLwNLTCXZX9I4tudCMIMP5oZlGwMs1SMRj23itmR3s/RtV7Dz65hjvkAGAnNrTO+WV5efJ4Ef2ej/WJD4Oy0NY4EKWg1TZ2nm5ipxb8QE0W1DW2n+JAEmDc0cyiIC1qlqR0Z78X/0D3f3z6c52Z/sBdSyR0IAwAOOmR22b3bGxNfyA+8VhV897Nktm76hqz8xxIUrDUwsI7wfhNhKaszqIo0MyiIG3rzt5pZuf4PjZV+W1ySuW5baukz4E4AOC8+MRjU71AVfp9m60wkhsciFGQ4qv54tOji2bAZmfUNXW93YEkwLiimUXByTS03ypm3l8crqrtqUDPeOKLVZsdiAMA3ti4tvq+QBLvFpEtXs2ayuITlm063IEkhSeSolmV/aMoClmdRcGjmUVBqa3vaDTz/5NtVd0WBImzfr4m/awDcQDAO+tb5j6WSOrJovJ/3mQ3C8L80HIHkhSUeQ3Zs8xsfrGN20QuXLC061AHogDjhmYWBSPT2HGJiK32fjwquSARvH/9mjn/4UAaAPDW+tXpJ5MlwcnxThdfxmAiH8k0bapxIEqh0EisOK8+Mgty+fwKB5IA44ZmFgUhU9/5Xonsb+P7Dfwej5pqcPn61XN/4kAYAPDeE7dX/yGpwRkqutWLsZiUaphvciBJQZjX0HGemNQW6/hN5bKFKzft40AUYFzQzMJ78emPJtH3TSzl+1hUZUXb2urvOhAFAArG42vn/ioI7DwVGfBhTKZyVeaGLdMciOK15mYJIouai7oIJiUD/fmlDiQBxgXNLLwWH5QRmtwvYlO8n0kN1rS1pL/iQBIAKDjr19b8TBKJD6qo89ecmdlUGxi80oEoXrtvS/sFInJcsdfBRK46+catMxyIAow5mll4K36mKJ/PPyhmc/yfRf3expbqZQ4EAYCC1bZm7j2qcpMP49PIPuZADG9ddLckLNLiXpX9E5vS39v/KUfCAGOKZhZeSsrQdIvyPxazA32fQVV96JBZ6Ut3fHgKABhPG1rSt6vqA64X2USOrK3vKLoTeMfKHx7pWGJixxTGaMaA2qcyzVLh/TiA16GZhZeGLPoHMXub97On+ispL73grlWScyANABQDk1TlZarygvNj1cj7O9Mnw6JmSZpFq4pv5G/OTGbb5g62rqPg0MzCT2ZH+z9z+r/lZckz2740w48TNgGgQLR9pWqTaPKDqpp3eURqevGCpVLuQBSvbO9u/2C8sl3sdXg9lWhp5k7x/rBM4NVoZoFJoCrdJQk785HbZr9I/QFg4rWtnfOIqHzR5dKb2LTBfOf7HIjijbhZi0w/W+x12BkT2T94Mvth95IBe45mFphgqtKvQeK8n6+p+Q21B4DJMzdKf1FEf+/2FIQfdSCEN3Y0a3ZosdfhzURiK+Mri9xMB4weL2ZgAg1fCREkLtmwZu6j1B0AJtcDrTKYUHP8lFd9V6ZxywEOBHHeWfVSGpl8ptjrsCtmcsTLVxYBBYFmFphIatfFV0NQcwBww/qWmh+L6vfdnQ5TscHLHAjivA5tv8zEDir2OuxOFOkNbicERo5mFpggKsEX2lpq/oJ6A4BbUlbSKKq9rk6LiVzoQAynLWqWMjW5udjrMDKWmdfY+R4fkgK7QzMLTATVv25rrWbrEwA46PHWmS+oytecnRuTY0+pz85xIImzerZkPxYfcFTsdRgps+hGP5ICu0YzC4wzFb1/6sz0VdQZANxVmtLV8QF9bgY07VVZ5EAQJ2WapcIi+XSx12E0zGxRprHjBH8SAztHMwuMIxVdP6tUL35olTh9lyEAFLtHb6/uFJO/dLYMpqc5kMJN3R1XiNg+xV6GUYsinp2F92hmgfGi8rsKkXMevL3a2eewAACvSErp7aKSc7IkGtHM7sSi5q4pYkZTtgdM9Pz59dmjvQsOvArNLDAOVLUjkUic8bPWdBf1BQA/DD87K/JtJ8OaHFa3rJtnQl+npzu82sTSToXyhmleZGWxVwF+SzJ/wFjT7SZ29vrVc5+htG6qrc/+o6ocWOx1cNCNbS3ph4q9CJhcmtA7LW8fd3EaonwuXp39OweiOGF+ffdUU1lR7HXYKyqXnHR9+2cf/UrN/3o8ChQxmllgjKnYvW0tNRupq7tU7DgzObLY6+CaQHRWsdcAk2/D6vT6TEP7b83kCOemw4Rm9lXywdA1EhmnPO8FM0sO5PR6EfmUt4NAUWObMTDGTPXiefVd76CuAOAn0+BbTgZX47nZly1qemm6WLTciTCeU7WPc/UTfEUzC4w1s8A030pdAcBPKiXfiTtH18KbyX51K7p4PjR+VjYa+JSZzHQgivfMpLxfrLHY6wA/0cwC48BMFtY1tn+Y2gKAf9rWznhORf7dyeC5/OEOpJhUJ9zUM8vElhZxCcZcpHJN/AxygQ0LRYBmFhgnYaS3LVy5qYr6AoCHArnPxdCRBUXfzIa9vQ1iMt2BKHvkkBoHj6wxmR5q7moHkgCjQjMLjBvbZ7A//xnqCwAe0qSjJ2ubewdTTaCXn+1s8DX/uXXlUlGqDiR5IzNpWtQsZa7lAnaFZhYYR5Faw7zGTUX9xgMAfHTu9Nn/oSrdrkU3k6Jeme1TazIzL7fDliRFrj67Sp7rzDuQ5o3i+3p7uts/6louYFdoZoHxZFISRfk11BgA/LJqlUTi4HOzqsW7MhsffmWm3l4h8+HTpgyvym7tc+5ssVfR5RfdLQln4gC7QTMLjDs7c15jx3nUGQD8oqo/dS6w6cGLmsXBhy7HXzQYLhOxKT5mn16pctm7KuW5LjdXZf/IzA5+5tGOi91IA+wezSwwAcxs9Vn1UkqtAcAfQWCPuxbWxFKDW7sOdCDKhFqwdPO+YnaNr/mvPqtKppQHzm4xfjUzWzl8QxXgAZpZYAKY2SGdQTuXuwOAR1Kp1G9dTJuzsOi2Gg9FuetNpMKBKKO2/5yELF6wI/pzXaH7gc3eVtvYcbYDSYDdopkFJkokN9Yt696fegOAHx65bXaPiL7oWlg128+BGBMm07jlAIvE22tjmhZPlVRix0KnDyuzMY2iGxyIAewWzSwwQeJPlKN87g7qDQD+UBXnVmdN1MvnRveU2uAKEz+vjDnuoJS889hXonuxMrvjPctJtUu7TnYgCrBLNLPABDKzJZmG7CJqDgDecK+ZNSmaZvaE5R0HRWJXOBBljzRd8NpbhJ53/ACo18iHNzqUBtgpmllgopm0FOtJlADgH/uda5HVpMqBGBMin4tuiK+58zH76ceXybEHvhJ9S08o2wdcvpbn9ezMuqaut7uVCXgtmllggpnYsT1bOrw9kREAiotudm24xbLNeH5D12FqerkDUUYtmRC55pzXfubgyxbjVwvDkGdn4TSaWWASmEXNp9Rn51B7AHBbEFiPawFVo6JYmR2S8Ib4KiIHoozaB99ZKfvNfu0mLNfvmN0ZFblwwdKuQ91LBuxAMwtMBpPpfWq3UnsAcJtZwrlm1qzwV2Yz128+UkUudSDKqE0pV7n8PW+cIl9OMn41E0vk8vkV7iQCXotmFpgkJnr5CUvbM9QfANwVRS6uzBb+M7M2NHSTmXl5vsSVZ0yRaZVvfIvt4zbjmKlcunDlpn0ciAK8Ac0sMFnMgjDUr+7YxQMAcFEi6V4za1LYpxnPa+h4q4h8yIEoo1YzMyFLFlbu9Jf5uM14mEnpQH9+qQNJgDegmQUmkZnNr23KXsYcAICbkpIYdDBYqQMZxk0k9un4A18fs9efVyUlqZ1/Rv28pyuzsuMDlKtOvnHrDAeiAK9BMwtMMg3l1vn13VOZBwBwT6i282W2yWTSW6gvlZevgrnIgSijdvQBKXnPO8p2+su6tobSn/PpWp7Xsyn9ff3XuZUJoJkFJp2JpYd06BZmAgDcE4bq3POpqrbdgRjjIopCb1dlmxZXieqbrcp6usX4Naw+0ywVDgUCaGYBF6jZdSc2tR/FZACAW1RDFw9bKshmNj4U0Uze70CUUVv0tlI5/tA33/3t6+FPr2Yms6W74wp3EgE0s4AT4nv0hiJpYTYAwC1R5ODJwabOHUo1FsJQbh4+O9cziUDkunN3/bSQt4c/vZ5FyzJ3ipd3/6Iw0cwCjjCT99Q1tb+P+QAAdwTq3jZj0cJbma2t75hvJuc7EGXU3n9ShRxYvetbhHy8Y3ZnTGT/4Mnsh91LhmJFMws4JIz0jgVLpZw5AQA3mJlz92taAW4zVrGbHYgxahWlKlecsfubkgphm/EfRWYrmpvpIeAGXoiAS8wOHAqzK5kTAHCFHeHaVGiBNbOZxq6FJna2A1FG7WPvnSIzqxK7/GVmJi9sKpBtxjs+TDnyvi3tFzgQBaCZRRFReUlUv+36gE1sxYlN2QMdiAIARc9M3WtmC+00Y8t/xoEUozZnWiAffOfub27qeCmSwSHn4u+VKNIbPI6PAkIzi6KgqtuChJ5emkhfpSovuDxmMynPhXKHA1EAoOipyuGu1cAsKJgDoDIN2UVm8l4HoozadedWSVnJ7s+rKpjDn17DMnVLO9/tUCAUKZpZFDxV7UkEwRkbVqfXP7Za+lXkJvfHbO/jDwkAmFyZpk01ZrbrY2onQZDQZwvopeHlquxh+yTlrMzIjrgojDtm3yjKRze6lgnFh2YWhU21VzRx1hNr5v78j+Pc0FLzHVHZ6Pq4wzBqWdQsuz4eEQAwboIoPNrF6kZR6ikHYuy1TH3ne81skY/ZGxdPlSAY2S1Cz3UWzuFPr2Zip81bmq1zJxGKEc0sCpaK9CVMzm5bO+eR143RgkCvd37cZkf3dLfXO5AEAIpSpHaKa+NWlf62tTOedyDKGAi9PMH4pKNLZf6RpSP+5wtzm/EOljdWZzGpaGZRkOI/7AMNzlvfmv73nY1vw5r0OlX5F+fHbvrZ+Y2d1Q4kAYDiY3aac2M2/f2OA2X9lmnKnm0iJ/s2CFWRT503uquHC+WO2Z0x0fNPbGo/yr1kKBY0syg8KoNiicXrW6r/bVdjSyRTK1TU6fMFTWxaPoq+5EAUACgqmWapMBHntlCaSkFsMZZIvFyVPX9+uRy2T2rE/3wUmbywuTC3Ge9gOhRysncZHK8AACAASURBVDEmD80sCotKLhB9X1vr3H/d3bieuGP2UyL2DdfHbyKX1dZ3zHcgCgAUj82dC8WkxLXxqpj3zey8puyZZubdn2tlKZGrzxrdqmz7llDyhdzLyvCL8pJM45YDHEiCIsThMigY8SprYHrh+tbqB0Y6psSUKZ/L926/VEymu1sHU1FpbW6W+atWSeRAIO8lNXlePhGVFXsdXJPIp/632GsAhwTRaS7+xLVAfW9mNQrlcw7kGLVL3zVF5kxLjOqXFerhT69mZkmVwfgsEs75wISjmUVBUNW8SXDx+pa5945mPE98sWpzprH3C2b2FafrYDbv3u6Oj62S6v/nQBrvPd4y53fFXgMAu2aRvN/FEiWiwOtmdl5jx7nxHaUORBmVmVWBfORdlaP+dYV8+NNr2SdOqc9+/met6S6XUqHwsc0Y3lPRMN7isrFl7g/2ZCwHz0h/VVWfcb0OJvbFRU0vObyCDACF4YSmzhNF7FAXBxOlyr1tZpubJTCLmh2IMmqfPLtKKkpH/7a5UO+YfT0zKe9VbXArFYoBzSy8FjeymtCPtK1N372n47hrleRExf3DC8zm9EQDXm7NAgCfhBZ9xMW48QevbV+p2uRAlD1y/0vti83k7b7lPrA6OXzw0554rqvwtxm/Irp24cpNo3uoGNhLNLPwl2qkapdvWFP9D3s7huFmWOUxD2rxyXkNHW91IAcAFKSLmqVEzC52c2z2UwdC7JGL7pZEFKmXq7JNi6skEege/dri2WY8vIVs+uBA/pMOJEERoZmFp9QSIp/Y0FLz7THLb8Gy+Ou6XI/4kAUTa3UgCgAUpKe7O882k5kujk2DwNtm9tlHOy40M+8+jK09tEQWHrNn5wXmQ5MXC/panjcyk6az6qXUtVwoXDSz8JIGct36lvTfjGX2ja3Vj4vK91yvh5ktqm3IXuRAFAAoOCrRp1wdk6aChxyIMWqLmiUZRdEtnsUe1rR46h7/2riRDYvsDgITS3dq++UOREGRoJmFp0rvG4/cJYHcKCqDrtdExW6PL/R3IAoAFIz44Kf4A0Mnx6P66/VfnpN1IMmo9W5p/4CJHOlZbDlrXrkcdUBqj399UW0xfg1dHm8rdygQChjNLPAqP1+TflZEW1yviZkcYN0dNzkQBQAKRhhF7v5cNfFyi3HmTkmFJp91IMqopJIi15w9Za++RnEd/vQKMzv4D491sIMME4JmFngdLS/9oqo4f1qkWrSsbmnnwQ5EAQDvnbCs8zgzO8fZcaifz8vab7IfEpPDHIgyKpecWik1M5N79TWK5VqenYkic/+WCBQEmlngddq+NGOrqK5yvS4mUhbmozUORAEA74V5h1dlVaOKitJ1DiQZlfhkaA39W5WdVqFy+bv3blVWinqb8fDy7NsyTdmzHUiCAkczC+xE1Yz0nSryP+7Xxs6ra2g/w4EgAOCteU2dJ5nJEnfz2y8fvnXaFgeCjMrTWzouM7GDPIo87Mozq6SqYu/fIj/XWZzbjP8ktBsdSYICRjML7MRDqyRvQbDch9pEImuH70UEAIza8P2nYfh1Eduzi0QnQCB6l28zu6hZytSimx2IMir7zU7I+xfu/fmKQ3mT9i3F3cyayEm1S7tOdiAKChjNLPAmNq6tvk9FnX9GyUyO+EN3ttGBKADgnWce6bhORI5zNbeKhhYkx+5O9QnSsyX7sfiwQt9yN5xfJanE3n+u8cKmfPznM/Ihq7MYVzSzwC4EicSy+Fkl12tkIjdnmjbVOBAFALxRt6IrLWKfczqvyoNta2a3O5BkxOKr48zMuxP3jz0wJacdVz4mX6tYTzJ+IzszPlzNtVQoHDSzwC6sXzPnP9TkW67XyMyqLAq/7EAUAPBGNBi2mtlUl/Oqyd84EGN0tnR8Qkz29SlyrGnx2L0Uivrwp9fJD0WszmLc0MwCu1GSTN2sIn3O18nsQ/EhJg4kAQDn1Ta0X2lmDh/6FB9iLN0HzUr/0IEoI7aouWuKRP4d/PPut5fJcQeP3fETRX/406uoyIULlnYd6kwgFBSaWWA3Hls96/9U9Xb362RqYdja3MzvawDYlczSjmNVZK3rRTLT7961SnIORBmxni3hVSaW9iTusGQgct25VWP6NYv5jtnXM7HEYJj34lBN+Ic3vcAIzCzR21XV+WeWTOT4e7vbr3QgCgA46fTlHZWSj+4yk7F5OHIcaSLp1Rbj+fXdU81kpQNRRuWiUypk/znJMf2abDN+g8s42wPjgWYWGIEHb6/uVVM/rhgw+cKCpdtmOpAEAJyzKWffMJEjnZ8Z1V+1rZn9CweSjFhecp8UszmexB02pUzl46eP7arsQM6k4yXnz46cWCalEuWXFtOQMTFoZoEROmdW9d+KyH+6Xi8TmZUL+z7vQBQAcEptQ3aVmH3Eh1lR1b9yIMaILWp6abqIebeV9OOnT5HplWP7dji+lgc7ddXJN26dQWkwlmhmgRFatUqiRDJxvRf1MrmKo/AB4BXzGtuvErNbfChJfPDTrJR41cz2WP918YepDkQZsfSMQC4+pXLMvy5bjHcuvnmhv6//OhezwV80s8AorF899ycqer/rNYsPW8jno1YHogDApKtt6LzAIv26PzOhX48fb3EgyIjEj7aYyTIPor7GdedOldKUjvnX5STjXbH6+B5id/PBNzSzwCglRVaoqvsfu5qdkmnsuMSBJAAwaeY1ZU9VC78bf8jnwyyoSr+kKr36MDIX9TWIyXQHoozYUfun5IzasnH52qzMvjkzmS3dHVe4mg/+oZkFRunx1vSvReUvfaibWfTl4Tv/AKAI1dV3nGuRPWAi49O1jAMz/au2r1Rt8iXvKfXZOWLS6ECUUWk4vyp+LnlcvvZzXazM7pJFyzJ3SsrhhPAIzSywByoiWaWq25yvncm+Pd35TzuQBAAmVG1T9qOR2A98uILnj+JdPyUJucONNCPTL9ZoZlN9yPpHJ7+1VOYdXjpuX587ZnfNRPa332Q/5HJG+INmFtgDP2tNd4nJF32onYksnd/QdZgDUQBgQtQ2ZpdLKH/ty9biV9hdP1+TftaVNLszv7GzOhKtdzvlawUqUn/u2F7F82p9g5Fs2sa1PLujoa1sbqYPwd7jRQTsoapZ6RYR/V/n62dSkrdwjQNJAGBcXdQsJZmG7Nclsi+L2PjsIR1HSU3c5lPeMIqWiZhXj7JcsKBCDq4Zvx2uz7PFeETiu57vf6l9sQdR4TiaWWAPPbRKBoKE3uhD/Uzs7NrGjnMciAIA4+KE5R0HPb05+6iZXeNjhVX1vsfXzv2VA1FGZOHKTfuY2LUeRP2T8hKVq84c396bw59GLoz0Bl+ywl00s8Be2LCm+h9VdL0XNYxszVn1Mn4PCQHAJImv3snnol+IWMbLOVDJJSWx1IEkIzY4OLTcxK8rVj76nkqZNXV8d54/10kzO2Jm8+qWdr7bk7RwFM0ssHdMgoQnd+vZoR1Bh3f3AALAm4lPa6+tz35VLPxn366Gea3g9sdb5vzOpUS7Urese3+L5Gp3E77R7KmBfGjR+O+I5iTj0YnykRc73OAumllgL7WtnfOIqH7fizqa3TS/vns/B5IAwF6Z19j+/p7u/G9E7Dq/K6n/qzOrvThQ8I/CodwKn647il17TtXwNuPxxjbj0TGx0+Ytzdb5lBluoZkFxoBasDLeJuZ8Lc0qhzR3uwNJAGCPZOo7D6ltyP4oiuSfzMT/D+c0aGpbJX0OJBmR+NlkUbvCg6h/ckhNUs6pm5gbmliZHT0LjWdnscdoZoEx0NY692kV/ZoXtTT7QF199p0OJAGAETtpecfc2obsbSLhf4vZGYVROf3Rxpa5P3AgyIjlB2WlmF/nLzQunipBMP6rsj39kby0nWt5RstMF5/Y1H6UX6nhCppZYIyUV5R/QVW6fahnKNZy0d3i2f2LAIrRgqWb9800tK8dzEXPipl321vflMpgaTLh1R2tC5Z2HapiH3MgyojVHV4iC46amN77ebYY7yHToUhXehkdk45mFhgjD986bYtI8DlP6nncHx7NftKBHACwU3VLs8dkGrLfGAxzT5tJg5lMzD7RCaIW3P7Y6jm/9ylzLszfYGLjd0nrGFMVabpg6oR9P7YY7wWTSzKNWw7wNj8mDc0sMJaOqf5zUfHiRMooss9lru+Z7UAUABgW/0zKNHR8qrahvS3M23+b2dW+bWkdEdVfVc2q/jMPkv5J5vrNR4roZY7EGZH4OdnD95243ptrefbc8IckNni9r/kxeWhmgTHUdqUMaZBY4UlNZ9jQdq/eTAEoPPE24nmN2UszDe33SK73RbOoVUxqC3eqdXsymVzy0CoZcCDMyOWGbjSzpC9xS1MinzyrakK/JycZ7yWzj59Sn53j9Rgw4bz5oQT4om3N3HtqG7I/E7NT3I+sn8g0bfpm25rZv3AgDIAiEB/klBu0UyyQ0ySyd5nI4a+M2gq+AIHqFU/cMfspB6KMWLzlW0Q+5EncYfGdstUzJvZoiOc62Wa8N0ykole1QURu9ncUmGg0s8A4SCZsWT6v6+NDDZyur1lg0dBXRWRhUbyLBDBuFjVLUl56aUpvEFUFQ7mqfKBVapI2syNN5QgRO0JFjjSTmcMZivDQV1X9iw0t1f/oQJRRifL2aRN/Dg2cPiWQj767csK/LyuzYyG6duHKTbc9ctvsHv/HgolAMwuMgydW17TVNnT8vZh92Pn6miyY15j9yIa16W85kGZCZBrafyEWv7lGYdN/amtNe/WM36SKBn6bqW/f0xYz+NMpw+HwXyKRvfIJmb3mb0VJVX4519KNvo39hGWdx5nqxWL+zN7VZ06RyrKJfZLupd5Ievr5THivmUzvH8xfLSLciY8RoZkFxkkimbopyg++34cTOM3kSwtXbvpB0XwSalIeb2dyIAnGk0oJ9R25grnyxkGquk0sWPJAqwz6lj3MR5+Od/E4EGVE3jI3IRcsmPgf7xz+NHbUpOmsemn18fcLJh4HQAHjZP0dM583CVb7UF8zqxkYyH/WgSgAUHBU7WNtrXOf9m1ctQ3ttWZyoQNRRqzh/KmSTEz8Ez7cMTt24vckXUH7RwtlPBhfNLPAOCovS9ymqh1e1NikYcfVCwCAMaPBn21YW/N9HwuqFh/E4/jZD6/yjoNT8s5jJ2eDAXfMji0zXX7R3f48p43JQzMLjKN4266JebHiOXzHWy631oEoAFAQNNBvbGyp9vJk1kxjxwkmstiBKCPWeMHUSfveHP40tszskD881nFRIY0J44NmFhhnhyys+SsVfdKHOpvI6ZmmTq/evACAi1Tlu21r09d6OzmRfcaBFCN2+vFl8ta3TN5j8jwzO/aiyG4otDFh7NHMAuPsriUSBmrXe1PnKLpjUTMHwQDAnlLR+6tm1lzm65VnmcauhSZ2tgNRRiSZELn23KpJzfD8JrYZjzmzt2Wast68DjE5aGaBCbC+pebHqvKvPtTazA7u6c4udyAKAPhH9WclyfSSh1aJv0t1Ud6rrdEffGel7Dtr8i7o2LwtlN4BruUZF6zOYjdoZoGJkgiuV1E/Pro1uyHTuOUAB5IAgDdU5BcpKzn3sdXS7+uszWvKnho/cuJAlBGpKlf52HunTGoGDn8aP2ayMN4pUKjjw96jmQUmSNvq6v8Ssb/2od7Dd7Da4B0ORAEAL6jI/1SInvF468xtPs+YheLVs7JXnDFFplZM7ttZruUZZxbeWNDjw16hmQUmUFCW/KyIbveh5mZ2YW1Tx2kORAEAt6lsrBA95Wet6S6fZ2peY+d7TMybn/v7zEzIRSdXTnoOTjIeX2Z21gnLOo8r5DFiz03eAwZAEVr/5TnZTGP7bRbJ530YvUbWsqhZ3uH1s18AMI5U9KdlZcnFP7ttdo/vdbYo9GpV9lPnVUkqOfnX4C44qlT2n+3eW+r2LaH85Y+9+Px8t/L5KH529oOOx8QkoJkFJlhJUHNHztqvMpP9XK+9mb21p7vjWpHqFgfiAIBTVPWfDp6Z/tBdqyTn+8zMa8ieZSInOxBlRN76lpS89/hyJ7Icf2ipHH+oA0Fe5+ZvveRUnr2hJksy9Z03t7XOfdrfUWA8sM0YmGDxwSAqcpMvdTeJbjlpecdcB6IAgEOCb547M31xITSyMnxorHh1gnHj4qkOpHDXb18Ykh9v9PYcsjcwsYRpuMKxWHAAzSwwCTa01HwnfsbKi9qbTB/I2a0OJAEAJ6gEX9jYWn31qlUSFcKM1DW0nyFiJzoQZUQWva1U3nFIiQdJJ8/ae7bFJwEXmssyTZtqinJC8aZoZoHJYUGg13tTe5PL5y3N1jmQBAAmj2qkGtS3tVZ79Wzpbmgo+jmnE75KIoiflWVVdlcefnJA1j9VEBsGXsukVKL8UpciYfLRzAKTZMOa9DpV+Rc/6m9qobTuuH0CAIqRdiZE39vWUv3VQhp8XX3HOWI2z4EoI/L+kyrkLXM58uXNRJHJV3/o/Vlku3LVyTduneFuPEw0mllgEiWSqRUqOuTDHJjZCXUN2Y86EAUAJpbqzzSRfPv6lup/K6TKNzdLEGnU7ECUEaksU7nyjCkeJJ089/y8X55uL9wLCMysqr+/71oHosARNLPAJHrijtlPidg3fJmDSOTWzA1bpjkQBQAmgJqq3HrIwvRpbWtmtxdaxe9/qX2xmbzDgSgjcvl7psiMqoQHSSdHf87kmz8q6FXZHUwaMs1S4UIUTD6aWWCSJaZM+ZyoeHF+vplV68DALQ5EAYBxpSKbA5Vz2lpqbrpriYSFVu3hVdlQvfl5Xj09kA++s9KBJO76u59sl03bCuJMsl0yk9mypeMTDkfEBKKZBSbZE1+s2qyqX/BlHsz0uvn12aMdiAIA40JVHw9Spe/Y0JJ+oFAr/MPu7IUmdqwDUUbk2nOqpKyEYxvezKZtoXznp71uhhsPFi3L3CmpwhsYRotmFnDAwTPSX1XVZ3yYCzNLDom1OBAFAMaUqvQHKjfLMelT1t8x8/lCre5Fd0u8V9ebVdnD903KmZlyB5K468/v6xneZlwszOQA+032Q8U+76CZBZwwfOm+yg0ezca759VnL3QgBwCMCVW9L1ESHLOhpebP2q4ULw7m21NPP9z5ATE7ype8TYunShCwKvtmnmkfknuf6Hcz3HiKZAW3LIBmFnBE29r03aLymC/zEYl8ZcFS4aNyAF5Tlec0kbigrSV97hO3V/+h0GdzeGumhqsciDIiJx1dKnVHlHqQdPKsuadHouJZlH2F2VF1Te0XuBIHk4NmFnCJBcv8mQ97Sy7K+rSaDAB/El+LpoHeJjNrjmpbM/eeYqnM8NZMk8MciLJb8WJs/XlVjqecXBueGpTHfjNYtOMPI+V9SJGjmQUcsrG1+nFR/Udv5iSyFScs7zjIgSQAMGIq+tNUwo5rW5u+oW2V9BVL5S5qlhKN5DMORBmR8+aXy6H7cMbPmzEzWXvPNjfDTRSzeXUNHe8qjsFiZ2hmAceUBHKjqHjxMauJlIWD0WoHogDAbqno/RokT25rTb/r52tqflNsFXumu+NSMzvYgSi7FZ9cfPVZrMruyv0b+uV/Xsi7G3CChGI3FsVAsVM0s4Bjfr4m/ayIenNasIksztR3vteBKADwBioaqsp3U0HiuLbW9Dlta+c8UoxVWtQsZWZ2swNRRuTS0yplzrSEB0knx+CQyTfu7ynGob+R2bvqGrPzXIuFiUEzCzhIy0u/qCqbfJkb02gt970BcImKDGig30iU6mFtLTUfenzt3F8V8wT1bM5eHp914ECU3ZpVFcil76p0POXk+vuHeiW7JSrmErxGZKzOFiuaWcBBbV+asVVUvTltcviKh19n6x1IAqDIqWqHqtyaDBIHtq1NX1MMJxTvTnzyvKl92u2Ur7j67CopL+Ut6pt5qTeSv/vJdjfDTRIzXXxiU7s3101h7PCTAnBU1Yz0nSryP97Mj8ln61Z0pR1IAqDIDJ9MrPKDhATnVc1M79fWUnPT42vndvA62CEXdnxCTPZ1IcvuHJROyvnzufVtV775QI9sHyjGu3h2xXQo0pXu5sN4oZkFHPXQKslbECz3ZX7MbGo0EN7mQBQAxeM/VYNGKancp62l5n3rW6vvjX92Mv+vOH15R6V4dEBO4/lVkojv5MFOPd+Vl39+tGgO4B4dk0syjVsO8Cky9h7NLOCwjWur74uvkPBljkzkIyc0dZ7oQBQAhUq1S0VaA0kev7G15u1tLdUtbV+p8uaMgYm2ORddZWY1PmSdd1iJLDymzIEk7oqv4snzqOxOmVhKogGP7uvHWKCZBRwXJBLLRNWTP7pM82HU2tzMzxYAY0NVe+IrdYJAliZTibdvbElXt7XWNGxonfNLSrxrC1duqjLzZ+tlw+KpDqRw138+k5N1/+XFzX2T6ROZ63tmF+/wiw9vOAHHrV8z5z9E5O/8mSfL/HBLx8cdCALAQ8OnEIv+NFC5WSQ4sWpmemZ8pc6GtTVrnrhj7n/u2ASCkRjoz18jYnN9KNZZ88rlqP05FH9X1tyzzd1wjjCRCsn1NRR7HYpJstgLAPigNJH6TC6fu3j4h7QPzP7s5Bu3/tPDt07bwgsMwM7ETauo/t5MnlK1pyzQ3yYl+G3F9Lm/fGiVDFC0vZO5Ycs0EfPi3IWSpMg1Z1c5kMRd//qLfvmvZ4eKvQwjYhJdu3Dlpi8/cttsLuItAjSz2C1T/bmI/J9LlSpN5Yrqjc5jq2f937zG7EozWexAnBEZ6Os7R2Tatz2ICky4vfm5qiLz4gPXnJo11UhFekVku5jFbyC3W7w92GS7iWxXjf833Saiz5rqUyUa/faM6ennVq0Snv4bJ9o/cF0kMsvxlBa/oC85dYrWzEw4kMdNQ6HIn9+/3UT/dDDW5O9OMHN5d+eM/sH81SJyuwNZMM7UjN06AAAAGBuqorLk7qB2xpKgpPKFZK43VzIUVJZKUipTIlNUdKppNN3MZsyeFjR9/9Nzj59SzgnGb+b/++XAr1f+7da/EAs3WZDcpGG4JbJoW6DR9nxo/SVhanBgy5b8k3J0KHfHHxBpfMMAb/BRFHhmFgAAAGNiuJG9pVlFlsjAPqK9m1LBQFiSUBlKqSVSkUSloUq5aVhpIm+5/L1TaGR3oW/Qwq/d1/MvalFORQc1inKiiSHT5NBQojSsSE4JOypDK5vRb3LMjhVbGlkUE5pZAAAAjKFVcuoxor3PPhsMphJBWSIRJEsTCZF8yoJESSBRqVmi7Ij9UudfeFIlhd+F+9b3rX++K9xsov2R6oBEYU4TYS6KwnxFfii/PQyjsvxAVLVPLQ0sihLPzAIAAGBM9by4UfMzqrU6H2hv/0AiCCsSiSCfFJOUWJAyC6dfdeaU45M8KvumuraGua/9cNu/iWifmfQHFg6EQclAMrRcuehQLtUblvUFUVn+0Gjdk2Jyd7wyqxz4jaLCyiwAAADGzpN3q0it7C/7Sb5C1UqmaEo1iESDQCWIJEy8822lF5/6tjJa2V24+5H+f+sbsK0WhX2i0meW6g8kHAzCZC7K5/P92wbDzbnBqGofYYsxihbNLAAAAPaaquqOlmqJDGz5teZ62zUcVI3yfWphTi3603G8lVecXjWfir+5Zzvy2/76X7c9EYlu10B6Eyp9UZAfCCQYFAmHworB/JTk1LCyt2/HquwqlmNRnNhmDAAAgDGw834qSFaYJsyCUKPIwuiSRZVXHvOWFAsqu/Ctn/beZ6rbxKJekUSvBNqXyOvAoORzFWpDQ7nK/PbSOeF+x9REw4XXeFWWhhbFh2YWAAAAY6psxtFWUimW691i+XKzodCiVGBhaFH+yP1Sh2x4KrfdxNSG2zDZsWJr8cWzMuZHG7/8PXZGd3zbHX+fMy1IHLZPatKPVv7PZ3Iv/stjfb8Wle2aCLabSV8U5QfyFg5KSVku7E/lp1b2hrle2bEqe5eY3DLZqYHJQTMLAACAMaAy3I4uuXt4q/Hz8oKUlVZYVRRFQcJCG8rlNSgZvOXvt14SRVGVqlaJSqWYVKhJmYmVqmoyUktqJIHE1/zET8RZpDt/MG7Xi7tmpi//Uy83zVGgQSKIIkvFT/KKaKmIlItIRbz1+ePvnfKOw/ZJTZnMV0IUiXzzR9vvNQ16zKLehCR6oyDqi0QHgrJgMC+5oaGplt86OBDtt886k31OZVUWRY1mFgAAAHstPnxo+J7ZY5ZYlYhtfjZvpRVhlCvNhyVDlg8SQU4tTEqYSqgmVMLQJGlDJokBDaxELUhFGiXVND4YSi3+WhaqxP91F63am7W0w73wcCM83BAHJkFgZklRS6kEpZFYeaBSaWb5+NvtPydZMtmvgoefHPjt4/8z+KxosF0l2C5B2JcIwwHJJwcjSQxNSaXygfRFqcGt0bonuzjBGEWPZhYAAABjat26dXLMqadGZS+2R5KvDKPSwaEgjBJDYRQkUiKhDlmgibyFMpAIpEQiSalKvCKbMLUgkOHDpHaszO6mUXvz/zfuiU13bGe2INAgELOUqJSYROVqQUUkNjT8D6nofrMTk/q+eCBn0Vfv3XafBtojUdhrwycYa38UyIAmh3Lx2nb/SxKGh+wXHv3CftHGY2rjZpYTjFHUaGYBAAAwduKTdZ881cpeFIuvjqmsSIZBPpcPrXSwvKTM8tIbJRLJfBRGOUklUsOP04om1OLuMxGIhEGkCbEor3v7TtUi0UQUL9ImAomipCSilElQGm9tDsRyGreCYgmLNLXf7MSkHkr1o7b+jX/I5jtErFdMei3QvijUgWQyMSilksttSeUHE9vDWS9utLvjRvaWHeEnMzMw2WhmAQAAMCbi5mp4q/EtYlXr1tnAnLnR1BnJcNtguaRKU5YLB+L2K97zO5RIRDnNaTJMBgm1fCJUDSwhmgxVLQp1ePtsfm9ShRJ/vfh52dDyiSAZJCRKlqjky0V1KBo+cire76wlU8uDA+dMm7xrb7dssa4B5wAAGJRJREFUj4a+du/2By3eWiyyPUhIr1nUnwyCgWBIc0Pam5+SlDC5pS/a2FsbyT7Nw58aAMWOZhYAAABj6xaxdUu67NRjTo26RGTq1hekNxFZqq/PBsKSsKRCE8mwLJezwURJKEFeE4ElVUvyqhZfTitlEv+1N6L8oKqVSjSUC0rKgiA3GKZSCS3JWyKfSMYttSVMtNRMBg/fN1U1ma+AHzzW+9CWvnBLfIKxRNprEvYnwuDNr+K5ZRWrsih6QjMLAACAsfSn1dljlti6J++WU49ZEnW9sE16KytsVkm5SemWsERKgsGSZBANzlDV7UEwpBoFokNqElqpDj8J27+3oUokKo271TDIxfuWk1FKRPLxm98ovvlWpEwtyono0P5zEvtP1ovghU3h9m88sO2R4QOf4u3F8bOykupP2gBX8QC7QTMLAACAMfVyQysiv5Z1x8Sd6dFWW7LRBraUR4PpEp3Tk9RgxoHau/1XwUB1tYQWaL63W0Vmyez4l83e+zT5/pc03x9oWDFTU3398XvecKgkFz+WmwwkMZSQYChUzQcm4f6zE5N2Jc931/XeF0VBj4gMPysbqfSngvxArqxysEpSQ9uSL4Rb8yVcxQPsBM0sAAAAxtyOhnaVDK8i3iKyUWpD2SJ66qx12jNYpdJ7oIQDSZUp1TI4+HuVysRwF9sRB9nLVdl8z7Mav82tmZHU3k2DQen00ig/GN/XU5pIRYN5sTCMNIh2LAFHkp6RmDYZr4AnnxvK3vVw7690eHvxjlXZpGl/XoNB688PRSnNTy2dGuZ694vWPflLruIBXodmFgAAAONiR0OrKre8fH3MLc2yTlaZ7BN3cneryBJZ8mT8fxwqXV3rVOSFMYpx6vBfPS+Kbks8m5BSEctXhEkbivKWiiRQC/7YD5roPrMSe/mE7uhFJvJXP97+w2h4e3HYawnp1VD7Q8sPBvnSnGlqqL90IAyn7BfO+eU6k1OXcBUP8Do0swAAABg3r26+VG951Sm8S4Y3y94d/8fm5peXG8f2hN7/v737/Y3ruu88/v2ec4cz5HBISRRtk2Js1VCbrYl9sNCzfbL8J/T3yMIC+2A3i6ZpFu2iu0W76KLbKhvHsWXHSVrTyTpu3DKOm0hpZKEWEltyTMmUhnPn/ji/FneG+pHEsiTr50zfL+KCgp5wDnQF8IvPOeezcXbTNDcqt2baprZXm08gKVptSdRgMzVJTBI1awezh36V8d//c3Vu86fFv1zbXpycFjEzpQ1SiXpX98RXHxdhqb+VNjc2IlU8wG9jmAUAAMBD8Wmp4ii5lQeQNiaRzdMb6ej+5k8X9/5yVlrWadKWmiAmabBLPfvsgd7DrZitXUp/9M3+S6rjKp6kmtsQi1i5ysx26roa+vkrT4UsPxi38sNxlGQD+C2PtBwaAAAA/7qlEbnvz+ho6Tj33bMoQSuTshmNKdhoQ9Mxa3//6ezJh/0P8HfvVv9w9kN3UUUGEsKwqeIJxpW2YysZOldXc/5yfT4ur0uU9dHtxaSywKdgmAUAAMCUOiblzhl1C0ZnzcC0w6z6OLRG1ZikVlXtyoHsdx/m2vvD6L78jf53k+puTJKrtXlKUmSmUxqX1WGu8vOZC918OK7ikRO8nMAtMMwCAABg+lzLMdefkzA0GpxRr5XJnJqmZ1bHXbP2CwezhYe59m/+/fB7H++Gy9fPyqZQ2KBlFXytWjtXd/3V9kpYXn9uL5U9TioL3ALDLAAAAKbK6BzuiRO6sb2p1eVz6kvV2FYNakxst42aYKNRK5KyJ/fbfQ9r7R/thPyrp/rfa7YXa5JcVIZJpLDJVdLK6uDm/EK7CouVjFPZ4wyxwGfhAigAAABMmb0ZcEPEnz+vSz2juTGmHcWk6K0mY1OKWVK1qwceXi3PX72Rn3JO+9dS2ahStIyWdadb9aTl+tkH4aqfiWurm0lWN0bnfkllgVtjmAUAAMAUOyy+2tHZTNVllRHNjEaxJolNGrMvLNuHUsvz3gV36X+/nv9YVQYSJU8qwyxp4dVUqfAuttQvtBdCna/FzdPvNJ2ySURv2i8N4DexzRgAAABTaffClq7s/0DDnKo3pcnUGBOD1TTeZryyPzuyMPfgfx1uiof+7LXBN6OYQUwpDzaNLn3yyVfqszppxxVtF/qLa6F3djPJ+rEkt6gyAnADwywAAACm1FGpc6uh2jsvq+PLn6JtLoCK2RfXsqcexrp/dK4+99o7xVlJYXzpk9MiGFMaMZWod3XP+f6lInQubKXNjY1IFQ9wZxhmAQAAMH1Oi/5WLU/pf72WZ3925EGv24WUvvJS/xVVM2geMTa3SQpTucq0WrX3tZ+/cjB088Nxa+do5E0E7hzDLAAAAKbLrWp59NdredYO2gdey/O9n1Tv/PR8/UFzg7GEMEwSimBcaTu2kqFzdTXnL9fn4/K67FXxkMoCd4phFgAAAFPjcarlycvk/+CF3deS6m5Mkqu1o7OymemUxmV1mKv8fOZCNx+Oq3jkBC8icBe4zRgAAABT5K5qedoPct2n3h6+eeGKv3StiqdJZW0wZSW+ntPkXN31g/ZyWFtfiaMP/vxxUlngLpDMAgAAYEo1tTyqs65JZuvrF0A124xFYrZ2MHtgtTzbV0PxlZeuvt5sL9YkuagMk0hhk6ukldXBzfmFdhUWKxmnsscZYoG7xTALAACAqXO7Wp6nl1u/Oz+rD2zZX/t/w1eLSq82iWzzxGaQNVrWnW7VMx1XZhfDti9jb7Wp4pHUVMqSygJ3h23GAAAAmEJNLc9FDc29xZkxOkplxTZfJsbsi4dmHlgtz/u/8p/8z28P/lFVBhIlTyrDLGnh1VSp8C621C+0F0Kdr8XN0+8kOdkMsXrTzVUA7gTJLAAAAKbLHdTyPLnfPrBanj//zuClKGYQU8qDTaNLn3zylfqsTtpxRduF/uJa6J1tUtljowk2NadlAdwVhlkAAABMjzus5Xl6OZt7EGv+p/fr9196e/gzSWF86ZPTIhhTGjGVqHd1z/n+pSJ0LmylzY2NSBUP8PkxzAIAAGAq3E0tz/KiWbrfaw5R0ldf3j2lagbNI8bmNklhKleZVqv2vvbzVw6Gbn44bu0cjbx1wL3hzCwAAACmxJ3X8hxaymbu95rfPFP909Z71S+aQTaFMExWi2h8mc20Khk6V/s5vxvPx8Prh/eqeEhlgXtBMgsAAIAp9Nm1PIcO2vsa6hR1Cl/+xu63kupuTJKrtaOzspnplMZldZir/HzmQjcfjqt45AQvHXCPSGYBAAAwVca1PE9qkeY1+qaWp7nAOFhJYqPJ7JGV1jOzM/e3luc7Pyq+f37bfSwyruJJEgobTFmJr+c0OVd3/aC9HNbWV/ZS2eOkssA9IpkFAADAlGlqeayGau+87F4qG22TzMbsyEp2+H6u95PdWP7XF66+oSIDbXplVYap6ZVNrpJWVgc35xfaVVisZJzKHmeIBe4HhlkAAABMjzuo5VlZyp6+n+v9xlvDbw8KudIkss0Tm0HWaFl3ulXPdFyZXQzbvoy91aaKR1JTKUsqC9w7hlkAAABMhzus5Vlbsov3a70fXApX/uSV3R+q3khls6SFV1OlwrvovV9oL4TF6kjcPL09uvRJ5P5ucQb+tWKYBQAAwMS7u1oee99qef7X3w5e9snsxpTyYNPo0ieffKU+q5N2XNF2ob+4Fnpnm1T22GjcTs1pWQD3jAugAAAAMAXuopbnoG3dj/We+YX75dfezH96/dInp0XMTGmDVKLe1T3x1cdFWOpvpc2NjUgVD3B/kcwCAABgyty6lsdobK0euPdanpgk/fEr/ZebTtnmEWNzm6QwlatMq1V7X/v5KwdDNz8ct3aORt4w4P4jmQUAAMDUuF0tz785NHO43br3M6tv/7w6/YMz1fvNIJtCGCarRTS+zGZalQydq/2c343n4+H1w3tVPKSywP1GMgsAAIApcrtaHvvMva61cin+wQu7rybV3ZgkV2tHZ2Uz0ymNy+owV/n5zIVuPhxX8cgJXjDgASCZBQAAwHRoannkjNpnlnS2GJgUZrVyuc1amWmS2ftVy/P6u+UP3vvIfXT9rKyEwgZTVuLrOU3O1V0/aC+HtfWVvVT2OKks8ACQzAIAAGDy3WEtz6ED91bLczWP1ZdeuPK6yo0qntT0yiZXSSurg5vzC+0qLFYyTmWPM8QCDwrDLAAAACba3dTyPLHPHriXtb70w+K7O7vySZPINk9sBlmjZd3pVj3TcWV2MWz7MvZWmyoeSU2lLKks8GCwzRgAAAAT7s5reVaX7MznXevFT0L/v728+5aqDCRKnlSGWdLCq6lS4V1sqV9oL4Q6X4ubp99JcrL5YHpTbAzgfiKZBQAAwBS5dS1Py6aZlQPWft61/tVmfqoK2o8p5cGm0aVPPvlKfVYn7bii7UJ/cS30zjap7LHRBJua07IAHgiSWQAAAEyF29XyrK9lv9Oyn6+W570L7sJfbg7evX7pk9MiZqa0QSpR7+qe+OrjIiz1t9Lmxkakigd48EhmAQAAMCU+u5bn2aeyz1XL02Sr//3V3ZebTtnmEWNzm6QwlatMq1V7X/v5KwdDNz8ct3aORt4m4OFgmAUAAMDka2p5ds6oWzA6awamHWbVl94aVWOabcZNLc+B7AufZ50/Olf/7PV3y3PNDcYSwrCp4gnGlbZjKxk6V1dz/nJ9Pi6vSxxd+kQqCzwUDLMAAACYbHdYy7O6dPe1PC6k+Icv7r6aVHdjklytHZ2VzUynNC6rw1zl5zMXuvlwXMUjJ3iZgIeEM7MAAACYWKNanuef143t/6AfXF5TW+7T2FUNSY1pZ0ZdbaPNRtuMn9hn7rqW5/s/qd7+6S/rD6+flZVQ2GDKSnw9p8m5uusH7eWwtr4SR2P188dJZYGHhGEWAAAAE+w2tTzG2BTHtTyHlrLW3axzUKT6P//fK98dbS9O4yqeJFJkyVUy06lD0fIL3TzUuYxT2b8ZbTEG8JCwzRgAAABT4tNreZqnk2nrqf13V8vzyj8Wr29fTZebQbZ5okhhjZZ1p1v1TMeV2cWw7cvYW22qeCQ1lbKkssDDQzILAACAifdZtTxi1P7+0+0j9i5inO2rYffLL/a/ryoDieNUNktaeDVVKryLLfUL7YVQ52tx8/Q7SU42Q6zedIAXwINGMgsAAIAp8Bm1PKL2d55sPX03a/zr7w2/VTrtx5TyYNPo0ieffKU+q5N2XNF2ob+4Fnpnm1T22GiCTc1pWQAPDcMsAAAAJtttanmSil1ZMndcy3P+V/6jP/vO7pakML70yWkRjCmNmErUu7rnfP9SEToXttLmxkakigd4NBhmAQAAMLluU8sTU7SaUnbogF240zX+6WuDl1XNoHnE2NwmKUzlKtNq1d7Xfv7KwdDND8etnaORNwd4dBhmAQAAMJFGtTwnTujG9qZWl8+pL1Vje2+bcVuNpjDqmG2e5X32jmp53n3fnX1tq/z56AbjEIZNFU8wrrQdW8nQubqa85fr83F5XeLo0idSWeCRYZgFAADAhGpmyOMiGxvidzPd1zXqjDGtZntxNDZlLaNGbRIxa0v2trU8Pkj6yku7p6KkQUySq7Wjs7KZ6ZTGZXWYq/x85kI3H46reOQELw7wCHGbMQAAAKZAU8uzo7OZqssqI5oZk4JNEu1CN2sv77t9Lc9bP6v+4cfvVb8UM67iaVJZG0xZia/nNDlXd/2gvRzW1lfiaJJ+/jipLPAIkcwCAABgoo1reT7QMKfqTWkyZ4yVZptxtCrWPLfWetboZ6+wqFP9pa9f/baI5Nr0yqoMU9Mrm1wlrawObs4vtKuwWMk4lT3OEAs8agyzAAAAmHA3anlia06bWp4wSmUzk1K0h5/Mnrnd+r7zTvnGLy+lbbUyaFLZ2AyyRsu60616puPK7GLY9mXsrTZVPJKaSllSWeDRYpsxAAAAJldTyyNn1D6zpPNB1VeVqdWYTMVIjFZUzeqSfeqz1rcziIMvff3qG5JiHpLkRnWYJS28mioV3sWW+oX2Qqjztbh5+p0kJ5shVm+6ShnAo0AyCwAAgMn0G7U8dZ4brzqu5fFiko5+1zVP7bdLn7W+r785/FZexitNIitBhs2lTz75Sn1WJ+24ou1Cf3Et9M42qeyx0U9NzWlZAI8UwywAAAAmzq1reWoT1RuTok2iJiXRJ/aZfbda34eXwsd//MrVH0pKuZrxWdlgTGnEVKLe1T3n+5eK0LmwlTY3NiJVPMDjg23GAAAAmEB78+SGiD9/Xpd6V7Ro97QdZjV53zTzqEZv1Fg9tJS1b7W+v/i7wYspmd0kOpAYhlZMYbwpdcbWdTX081eeCll+MG7lh6Os8p4AjxOSWQAAAEy4ppbHaHtYmFA1yayapME08e3+edM60DOfGuD8/AN39mtv5j8Z1fBEPxSRYTRaasvXMnSurub85fp8XF6XOLr0iVQWeKwwzAIAAGBi3ajlMRpnVGMmmqJoMs0NTVb+3ZHsC/optTwxSvrqqd0XRudkr1XxtKRothcbl9VhrvLzmQvdfDiu4pETvCTAY4ZtxgAAAJhgTS3PRQ02qto5jaE2ZkbVNgOtiBw6kH3x09b24/frt35wpvoXVTNQk/Ik2TDzqayir+c0OVd3/aC9HNbWV+JoT/Pzx0llgccMySwAAAAm0+mTWu6cGeWusTYaW6W2rI6S2fF6gqwuZb910rV2yf2Xr+2+OL69OAzFyNB6X7rm0qdWVgdX+YV2FRYrGaeyxxligccRwywAAAAmz2i8PDaq5XELRhcWRJIfbyjOoh99VzHxiX1m+TfX9tbPqld//qH7SJPkam3eVPGE5qysd3UytXMLXb/ty9hbbap4JDWjMaks8PhhmAUAAMBEuVbLc0xEmlqeMLysoVaNYZzKepOlEFOKkuLyoj1w89oGRer/x7/pvywm5b45J5tCEYIbVfGYVlbP+znfDS4uVlfj5unt0aVPIp9y6BbAI8cwCwAAgAkzDkm3tzf3pswmfF2Q2euL8KLWxiQSVg7Yzs1r+9t3i7/+pB93JOgwCzJM0ioy0ylNq1V7X/viigv9xbXw7M7RKOvHRj8oNadlATx2GGYBAAAwgY6POmavCW6gRZPaGkkm2ZhMCs8cNNn++Ru1PJ/sxg//08n+t5PKcHR7cdZsL/ZlFW5U8fRtEToXttJJqniAxx7DLAAAACbYEfHlJ2pb88nYTnI2JZMkmpDCv39u9vDN6zr1dvGnrpZcogyTabYYa2F079Knm6p4tppUlioe4LFHNQ8AAAAmWtY5kET6olknaYgxmpkg0fkn9pt/e21dH+2EH//hi/23RLXKRIoUfCmaquilTi11rqKKB5g0JLMAAACYYOdGHz2fScm4YWrZmRCz6EWNe2LRPiMyvon4/7wx/KOmgudaIhuMjKp4THt86RNVPMDkYZgFAADARLNzMZkypiyG6OsQWjF6tbY+uGhWZJzKnvrL7w5PNxU82WiQNWUrmyulndUhVN4vVVTxABOIYRYAAAAT6IQsn95I7aUjqdWPaSb0oredEEwMajKnIdT7582TIUr9J6f6X0nRFU0iG70prfqqCL5Oece5uusvn6+o4gEmEMMsAAAAJtLJ5kOfPiMz3ZAGPsRO5kM7OC+VdybY+tBSNvOrnfA/XtkKv4itduG9KWtxVSW2SqZ2dc/5q+3qxqVPVPEAE0X5vwoAAIBJoqo66po9dtIc3f+suVwv2YWDs7bVn8lEypbJsqyydWajsamlqi4lk0mKoeVD8zXrfOVLv1h1fbm64pdF4qZIpIoHmCwkswAAAJgo15PT9WOpd3Y3dQ8PYze4OPAfx6ZiR7V24rI6S1llpaqa700aa9quTlo53+q4ZpC92s7DaJA9fXJvezGAScIwCwAAgAl1QjaXN1LnQpGaC5zms4XQnIENrvLN0DpsV3Xusrr5rnVZy27hos66+SsuNIPs+JyspBvbixlogUnCNmMAAABMnOtbjZ8Xlc1Nc/T3NvRq+5xZzjomv9QyoWfUz+v1m5yyQUod7+Pl1ZWYXT6XmkF2fE5WEtuLgcnEMAsAAICJpNpcO3xC5dhzKtvLevT3elquHtX8/Hkjclj8/g9uDLM7PmU9n9of1Wl5/bm9RFauby9mmAUmD8MsAAAAJtZooH3+hIocFzkturEuunthS0WOSrlzZjTMdvY/N/qFt7cqaXNzU2R5e7y1mEEWmGgMswAAAJhY17cbN5otx6dPqsixWyznpIzPx54Qef74qE+WGh5gcjHMAgAAYOKNtxzvuZbU/pprA+wYaSww+RhmAQAAMDV+baj9FAyxwPRgmAUAAAAATBx6ZgEAAAAAE4dhFgAAAAAwcRhmAQAAAAATh2EWAAAAADBxGGYBAAAAABOHYRYAAAAAMFlE5P8DtgMamIi8PNgAAAAASUVORK5CYII= | |
| mediatype: image/png | |
| apiservicedefinitions: | |
| owned: | |
| - group: external.metrics.k8s.io | |
| version: v1beta1 | |
| kind: ExternalMetricValueList | |
| displayName: Metrics Server APIService | |
| description: Metrics Server APIService which is used internally by Keda. | |
| deploymentName: keda-server | |
| containerPort: 6443 | |
| specDescriptors: [] | |
| name: externalmetricvaluelist | |
| customresourcedefinitions: | |
| owned: | |
| - name: | |
| kind: ScaledObject | |
| displayName: ScaledObject | |
| description: >- | |
| ScaledObject is used to define how KEDA should scale your application | |
| and what the triggers are. | |
| name: scaledobjects.keda.k8s.io | |
| version: v1alpha1 | |
| specDescriptors: | |
| - displayName: Deployment Name | |
| description: The deployment which will Keda scale up and setup an HPA for. | |
| path: scaleTargetRef.deploymentName | |
| x-descriptors: | |
| - 'urn:alm:descriptor:io.kubernetes:Deployment' | |
| - displayName: Container Name | |
| description: Optional. The name of container in Deployment. | |
| path: scaleTargetRef.containerName | |
| x-descriptors: | |
| - 'urn:alm:descriptor:com.tectonic.ui:text' | |
| - displayName: Polling Interval | |
| description: This is the interval to check each trigger on. | |
| path: pollingInterval | |
| x-descriptors: | |
| - 'urn:alm:descriptor:com.tectonic.ui:number' | |
| - displayName: Cooldown Period | |
| description: >- | |
| The period to wait after the last trigger reported active before | |
| scaling the deployment back to 0. | |
| path: cooldownPeriod | |
| x-descriptors: | |
| - 'urn:alm:descriptor:com.tectonic.ui:number' | |
| - displayName: Min Replica Count | |
| description: Minimum number of replicas Keda will scale the deployment down to. | |
| path: minReplicaCount | |
| x-descriptors: | |
| - 'urn:alm:descriptor:com.tectonic.ui:number' | |
| - displayName: Max Replica Count | |
| description: Maximum number of replicas Keda will scale the deployment up to. | |
| path: maxReplicaCount | |
| x-descriptors: | |
| - 'urn:alm:descriptor:com.tectonic.ui:number' | |
| statusDescriptors: [] | |
| resources: | |
| - version: autoscaling/v1 | |
| kind: HorizontalPodAutoscaler | |
| - kind: TriggerAuthentication | |
| displayName: TriggerAuthentication | |
| description: >- | |
| Trigger Authentication is used to define how KEDA should authenticate | |
| to a given trigger. | |
| name: triggerauthentications.keda.k8s.io | |
| version: v1alpha1 | |
| specDescriptors: [] | |
| statusDescriptors: [] | |
| resources: | |
| - version: v1 | |
| kind: Secret | |
| required: [] | |
| install: | |
| strategy: deployment | |
| spec: | |
| permissions: [] | |
| clusterPermissions: | |
| - rules: | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - pods | |
| - services | |
| - services/finalizers | |
| - endpoints | |
| - events | |
| - configmaps | |
| - secrets | |
| - namespaces | |
| - external | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| - deployments/finalizers | |
| - replicasets | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - jobs | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - monitoring.coreos.com | |
| resources: | |
| - servicemonitors | |
| verbs: | |
| - get | |
| - create | |
| - apiGroups: | |
| - keda.k8s.io | |
| resources: | |
| - '*' | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| verbs: | |
| - '*' | |
| serviceAccountName: keda-operator | |
| deployments: | |
| - name: keda-server | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: keda-operator | |
| strategy: {} | |
| template: | |
| metadata: | |
| labels: | |
| app: keda-operator | |
| name: keda-operator | |
| spec: | |
| containers: | |
| - args: | |
| - /usr/local/bin/keda-adapter | |
| - '--secure-port=6443' | |
| - '--logtostderr=true' | |
| - '--v=0' | |
| env: | |
| - name: WATCH_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: 'metadata.annotations[''olm.targetNamespaces'']' | |
| image: 'docker.io/zroubalik/keda-metrics-adapter:0.0.4' | |
| imagePullPolicy: Always | |
| name: keda-metrics-apiserver | |
| ports: | |
| - containerPort: 6443 | |
| name: https | |
| - containerPort: 8080 | |
| name: http | |
| resources: {} | |
| volumeMounts: | |
| - mountPath: /tmp | |
| name: temp-vol | |
| serviceAccountName: keda-operator | |
| volumes: | |
| - emptyDir: {} | |
| name: temp-vol | |
| - name: keda-operator | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: keda-operator | |
| strategy: {} | |
| template: | |
| metadata: | |
| labels: | |
| app: keda-operator | |
| name: keda-operator | |
| spec: | |
| containers: | |
| - command: | |
| - keda | |
| env: | |
| - name: WATCH_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: 'metadata.annotations[''olm.targetNamespaces'']' | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: OPERATOR_NAME | |
| value: keda-operator | |
| image: 'docker.io/zroubalik/keda:0.0.4' | |
| imagePullPolicy: Always | |
| name: keda-operator | |
| resources: {} | |
| serviceAccountName: keda-operator | |
| volumes: | |
| - emptyDir: {} | |
| name: temp-vol | |
| installModes: | |
| - type: OwnNamespace | |
| supported: false | |
| - type: SingleNamespace | |
| supported: false | |
| - type: MultiNamespace | |
| supported: false | |
| - type: AllNamespaces | |
| supported: true | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| # "namespace" omitted since ClusterRoles are not namespaced | |
| name: keda-operator | |
| rules: | |
| - apiGroups: | |
| - '' | |
| resources: | |
| - pods | |
| - services | |
| - services/finalizers | |
| - endpoints | |
| - events | |
| - configmaps | |
| - secrets | |
| - namespaces | |
| - external | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments | |
| - deployments/finalizers | |
| - replicasets | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - jobs | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - monitoring.coreos.com | |
| resources: | |
| - servicemonitors | |
| verbs: | |
| - get | |
| - create | |
| - apiGroups: | |
| - keda.k8s.io | |
| resources: | |
| - '*' | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| verbs: | |
| - '*' | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: keda-operator | |
| namespace: openshift-operators | |
| subjects: | |
| - kind: ServiceAccount | |
| name: keda-operator # Name is case sensitive | |
| namespace: openshift-operators | |
| roleRef: | |
| kind: ClusterRole | |
| name: keda-operator | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: twitter-function | |
| namespace: openshift-operators | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: twitter-function | |
| namespace: openshift-operators | |
| labels: | |
| app: twitter-function | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: twitter-function | |
| template: | |
| metadata: | |
| labels: | |
| app: twitter-function | |
| spec: | |
| containers: | |
| - name: twitter-function | |
| image: zroubalik/twitter-function | |
| env: | |
| - name: AzureFunctionsJobHost__functions__0 | |
| value: KafkaTwitterTrigger | |
| envFrom: | |
| - secretRef: | |
| name: twitter-function | |
| --- | |
| apiVersion: keda.k8s.io/v1alpha1 | |
| kind: ScaledObject | |
| metadata: | |
| name: twitter-function | |
| namespace: openshift-operators | |
| labels: | |
| deploymentName: twitter-function | |
| spec: | |
| pollingInterval: 15 | |
| scaleTargetRef: | |
| deploymentName: twitter-function | |
| triggers: | |
| - type: kafka | |
| metadata: | |
| type: kafkaTrigger | |
| direction: in | |
| name: event | |
| topic: twitter | |
| brokerList: my-cluster-kafka-brokers.openshift-operators:9092 | |
| consumerGroup: functions | |
| dataType: binary | |
| lagThreshold: '2' | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment