Created
November 27, 2019 19:20
-
-
Save awgreene/938db872f0b4347a4b3fc7b4ae2e73a3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.2.4 | |
creationTimestamp: null | |
name: clusterserviceversions.operators.coreos.com | |
spec: | |
group: operators.coreos.com | |
names: | |
kind: ClusterServiceVersion | |
listKind: ClusterServiceVersionList | |
plural: clusterserviceversions | |
singular: clusterserviceversion | |
scope: Namespaced | |
versions: | |
- name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. | |
properties: | |
apiVersion: | |
description: 'APIVersion defines the versioned schema of this representation | |
of an object. Servers should convert recognized schemas to the latest | |
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
type: string | |
kind: | |
description: 'Kind is a string value representing the REST resource this | |
object represents. Servers may infer this from the endpoint the client | |
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
type: string | |
metadata: | |
type: object | |
spec: | |
description: ClusterServiceVersionSpec declarations tell OLM how to install | |
an operator that can manage apps for a given version. | |
properties: | |
annotations: | |
additionalProperties: | |
type: string | |
description: Annotations is an unstructured key value map stored with | |
a resource that may be set by external tools to store and retrieve | |
arbitrary metadata. | |
type: object | |
apiservicedefinitions: | |
description: APIServiceDefinitions declares all of the extension apis | |
managed or required by an operator being ran by ClusterServiceVersion. | |
properties: | |
owned: | |
items: | |
description: APIServiceDescription provides details to OLM about | |
apis provided via aggregation | |
properties: | |
actionDescriptors: | |
items: | |
description: ActionDescriptor describes a declarative | |
action that can be performed on a custom resource instance | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
containerPort: | |
format: int32 | |
type: integer | |
deploymentName: | |
type: string | |
description: | |
type: string | |
displayName: | |
type: string | |
group: | |
type: string | |
kind: | |
type: string | |
name: | |
type: string | |
resources: | |
items: | |
description: APIResourceReference is a Kubernetes resource | |
type used by a custom resource | |
properties: | |
kind: | |
type: string | |
name: | |
type: string | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
specDescriptors: | |
items: | |
description: SpecDescriptor describes a field in a spec | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
statusDescriptors: | |
items: | |
description: StatusDescriptor describes a field in a status | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
version: | |
type: string | |
required: | |
- group | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
required: | |
items: | |
description: APIServiceDescription provides details to OLM about | |
apis provided via aggregation | |
properties: | |
actionDescriptors: | |
items: | |
description: ActionDescriptor describes a declarative | |
action that can be performed on a custom resource instance | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
containerPort: | |
format: int32 | |
type: integer | |
deploymentName: | |
type: string | |
description: | |
type: string | |
displayName: | |
type: string | |
group: | |
type: string | |
kind: | |
type: string | |
name: | |
type: string | |
resources: | |
items: | |
description: APIResourceReference is a Kubernetes resource | |
type used by a custom resource | |
properties: | |
kind: | |
type: string | |
name: | |
type: string | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
specDescriptors: | |
items: | |
description: SpecDescriptor describes a field in a spec | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
statusDescriptors: | |
items: | |
description: StatusDescriptor describes a field in a status | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
version: | |
type: string | |
required: | |
- group | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
type: object | |
customresourcedefinitions: | |
description: "CustomResourceDefinitions declares all of the CRDs managed | |
or required by an operator being ran by ClusterServiceVersion. \n | |
If the CRD is present in the Owned list, it is implicitly required." | |
properties: | |
owned: | |
items: | |
description: CRDDescription provides details to OLM about the | |
CRDs | |
properties: | |
actionDescriptors: | |
items: | |
description: ActionDescriptor describes a declarative | |
action that can be performed on a custom resource instance | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
description: | |
type: string | |
displayName: | |
type: string | |
kind: | |
type: string | |
name: | |
type: string | |
resources: | |
items: | |
description: APIResourceReference is a Kubernetes resource | |
type used by a custom resource | |
properties: | |
kind: | |
type: string | |
name: | |
type: string | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
specDescriptors: | |
items: | |
description: SpecDescriptor describes a field in a spec | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
statusDescriptors: | |
items: | |
description: StatusDescriptor describes a field in a status | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
required: | |
items: | |
description: CRDDescription provides details to OLM about the | |
CRDs | |
properties: | |
actionDescriptors: | |
items: | |
description: ActionDescriptor describes a declarative | |
action that can be performed on a custom resource instance | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
description: | |
type: string | |
displayName: | |
type: string | |
kind: | |
type: string | |
name: | |
type: string | |
resources: | |
items: | |
description: APIResourceReference is a Kubernetes resource | |
type used by a custom resource | |
properties: | |
kind: | |
type: string | |
name: | |
type: string | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
specDescriptors: | |
items: | |
description: SpecDescriptor describes a field in a spec | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
statusDescriptors: | |
items: | |
description: StatusDescriptor describes a field in a status | |
block of a CRD so that OLM can consume it | |
properties: | |
description: | |
type: string | |
displayName: | |
type: string | |
path: | |
type: string | |
value: | |
description: RawMessage is a raw encoded JSON value. | |
It implements Marshaler and Unmarshaler and can | |
be used to delay JSON decoding or precompute a JSON | |
encoding. | |
format: byte | |
type: string | |
x-descriptors: | |
items: | |
type: string | |
type: array | |
required: | |
- path | |
type: object | |
type: array | |
version: | |
type: string | |
required: | |
- kind | |
- name | |
- version | |
type: object | |
type: array | |
type: object | |
description: | |
type: string | |
displayName: | |
type: string | |
icon: | |
items: | |
properties: | |
base64data: | |
type: string | |
mediatype: | |
type: string | |
required: | |
- base64data | |
- mediatype | |
type: object | |
type: array | |
install: | |
description: NamedInstallStrategy represents the block of an ClusterServiceVersion | |
resource where the install strategy is specified. | |
properties: | |
spec: | |
description: StrategyDetailsDeployment represents the parsed details | |
of a Deployment InstallStrategy. | |
properties: | |
clusterPermissions: | |
items: | |
description: StrategyDeploymentPermissions describe the | |
rbac rules and service account needed by the install strategy | |
properties: | |
rules: | |
items: | |
description: PolicyRule holds information that describes | |
a policy rule, but does not contain information | |
about who the rule applies to or which namespace | |
the rule applies to. | |
properties: | |
apiGroups: | |
description: APIGroups is the name of the APIGroup | |
that contains the resources. If multiple API | |
groups are specified, any action requested against | |
one of the enumerated resources in any API group | |
will be allowed. | |
items: | |
type: string | |
type: array | |
nonResourceURLs: | |
description: NonResourceURLs is a set of partial | |
urls that a user should have access to. *s | |
are allowed, but only as the full, final step | |
in the path Since non-resource URLs are not | |
namespaced, this field is only applicable for | |
ClusterRoles referenced from a ClusterRoleBinding. | |
Rules can either apply to API resources (such | |
as "pods" or "secrets") or non-resource URL | |
paths (such as "/api"), but not both. | |
items: | |
type: string | |
type: array | |
resourceNames: | |
description: ResourceNames is an optional white | |
list of names that the rule applies to. An | |
empty set means that everything is allowed. | |
items: | |
type: string | |
type: array | |
resources: | |
description: Resources is a list of resources | |
this rule applies to. ResourceAll represents | |
all resources. | |
items: | |
type: string | |
type: array | |
verbs: | |
description: Verbs is a list of Verbs that apply | |
to ALL the ResourceKinds and AttributeRestrictions | |
contained in this rule. VerbAll represents | |
all kinds. | |
items: | |
type: string | |
type: array | |
required: | |
- verbs | |
type: object | |
type: array | |
serviceAccountName: | |
type: string | |
required: | |
- rules | |
- serviceAccountName | |
type: object | |
type: array | |
deployments: | |
items: | |
description: StrategyDeploymentSpec contains the name and | |
spec for the deployment ALM should create | |
properties: | |
name: | |
type: string | |
spec: | |
description: DeploymentSpec is the specification of | |
the desired behavior of the Deployment. | |
properties: | |
minReadySeconds: | |
description: Minimum number of seconds for which | |
a newly created pod should be ready without any | |
of its container crashing, for it to be considered | |
available. Defaults to 0 (pod will be considered | |
available as soon as it is ready) | |
format: int32 | |
type: integer | |
paused: | |
description: Indicates that the deployment is paused. | |
type: boolean | |
progressDeadlineSeconds: | |
description: The maximum time in seconds for a deployment | |
to make progress before it is considered to be | |
failed. The deployment controller will continue | |
to process failed deployments and a condition | |
with a ProgressDeadlineExceeded reason will be | |
surfaced in the deployment status. Note that progress | |
will not be estimated during the time a deployment | |
is paused. Defaults to 600s. | |
format: int32 | |
type: integer | |
replicas: | |
description: Number of desired pods. This is a pointer | |
to distinguish between explicit zero and not specified. | |
Defaults to 1. | |
format: int32 | |
type: integer | |
revisionHistoryLimit: | |
description: The number of old ReplicaSets to retain | |
to allow rollback. This is a pointer to distinguish | |
between explicit zero and not specified. Defaults | |
to 10. | |
format: int32 | |
type: integer | |
selector: | |
description: Label selector for pods. Existing ReplicaSets | |
whose pods are selected by this will be the ones | |
affected by this deployment. It must match the | |
pod template's labels. | |
properties: | |
matchExpressions: | |
description: matchExpressions is a list of label | |
selector requirements. The requirements are | |
ANDed. | |
items: | |
description: A label selector requirement | |
is a selector that contains values, a key, | |
and an operator that relates the key and | |
values. | |
properties: | |
key: | |
description: key is the label key that | |
the selector applies to. | |
type: string | |
operator: | |
description: operator represents a key's | |
relationship to a set of values. Valid | |
operators are In, NotIn, Exists and | |
DoesNotExist. | |
type: string | |
values: | |
description: values is an array of string | |
values. If the operator is In or NotIn, | |
the values array must be non-empty. | |
If the operator is Exists or DoesNotExist, | |
the values array must be empty. This | |
array is replaced during a strategic | |
merge patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels is a map of {key,value} | |
pairs. A single {key,value} in the matchLabels | |
map is equivalent to an element of matchExpressions, | |
whose key field is "key", the operator is | |
"In", and the values array contains only "value". | |
The requirements are ANDed. | |
type: object | |
type: object | |
strategy: | |
description: The deployment strategy to use to replace | |
existing pods with new ones. | |
properties: | |
rollingUpdate: | |
description: 'Rolling update config params. | |
Present only if DeploymentStrategyType = RollingUpdate. | |
--- TODO: Update this to follow our convention | |
for oneOf, whatever we decide it to be.' | |
properties: | |
maxSurge: | |
type: string | |
description: 'The maximum number of pods | |
that can be scheduled above the desired | |
number of pods. Value can be an absolute | |
number (ex: 5) or a percentage of desired | |
pods (ex: 10%). This can not be 0 if MaxUnavailable | |
is 0. Absolute number is calculated from | |
percentage by rounding up. Defaults to | |
25%. Example: when this is set to 30%, | |
the new ReplicaSet can be scaled up immediately | |
when the rolling update starts, such that | |
the total number of old and new pods do | |
not exceed 130% of desired pods. Once | |
old pods have been killed, new ReplicaSet | |
can be scaled up further, ensuring that | |
total number of pods running at any time | |
during the update is at most 130% of desired | |
pods.' | |
maxUnavailable: | |
type: string | |
description: 'The maximum number of pods | |
that can be unavailable during the update. | |
Value can be an absolute number (ex: 5) | |
or a percentage of desired pods (ex: 10%). | |
Absolute number is calculated from percentage | |
by rounding down. This can not be 0 if | |
MaxSurge is 0. Defaults to 25%. Example: | |
when this is set to 30%, the old ReplicaSet | |
can be scaled down to 70% of desired pods | |
immediately when the rolling update starts. | |
Once new pods are ready, old ReplicaSet | |
can be scaled down further, followed by | |
scaling up the new ReplicaSet, ensuring | |
that the total number of pods available | |
at all times during the update is at least | |
70% of desired pods.' | |
type: object | |
type: | |
description: Type of deployment. Can be "Recreate" | |
or "RollingUpdate". Default is RollingUpdate. | |
type: string | |
type: object | |
template: | |
description: Template describes the pods that will | |
be created. | |
properties: | |
metadata: | |
description: 'Standard object''s metadata. More | |
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' | |
type: object | |
spec: | |
description: 'Specification of the desired behavior | |
of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' | |
properties: | |
activeDeadlineSeconds: | |
description: Optional duration in seconds | |
the pod may be active on the node relative | |
to StartTime before the system will actively | |
try to mark it failed and kill associated | |
containers. Value must be a positive integer. | |
format: int64 | |
type: integer | |
affinity: | |
description: If specified, the pod's scheduling | |
constraints | |
properties: | |
nodeAffinity: | |
description: Describes node affinity | |
scheduling rules for the pod. | |
properties: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
description: The scheduler will | |
prefer to schedule pods to nodes | |
that satisfy the affinity expressions | |
specified by this field, but it | |
may choose a node that violates | |
one or more of the expressions. | |
The node that is most preferred | |
is the one with the greatest sum | |
of weights, i.e. for each node | |
that meets all of the scheduling | |
requirements (resource request, | |
requiredDuringScheduling affinity | |
expressions, etc.), compute a | |
sum by iterating through the elements | |
of this field and adding "weight" | |
to the sum if the node matches | |
the corresponding matchExpressions; | |
the node(s) with the highest sum | |
are the most preferred. | |
items: | |
description: An empty preferred | |
scheduling term matches all | |
objects with implicit weight | |
0 (i.e. it's a no-op). A null | |
preferred scheduling term matches | |
no objects (i.e. is also a no-op). | |
properties: | |
preference: | |
description: A node selector | |
term, associated with the | |
corresponding weight. | |
properties: | |
matchExpressions: | |
description: A list of | |
node selector requirements | |
by node's labels. | |
items: | |
description: A node | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: The | |
label key that | |
the selector applies | |
to. | |
type: string | |
operator: | |
description: Represents | |
a key's relationship | |
to a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists, DoesNotExist. | |
Gt, and Lt. | |
type: string | |
values: | |
description: An | |
array of string | |
values. If the | |
operator is In | |
or NotIn, the | |
values array must | |
be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
If the operator | |
is Gt or Lt, the | |
values array must | |
have a single | |
element, which | |
will be interpreted | |
as an integer. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchFields: | |
description: A list of | |
node selector requirements | |
by node's fields. | |
items: | |
description: A node | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: The | |
label key that | |
the selector applies | |
to. | |
type: string | |
operator: | |
description: Represents | |
a key's relationship | |
to a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists, DoesNotExist. | |
Gt, and Lt. | |
type: string | |
values: | |
description: An | |
array of string | |
values. If the | |
operator is In | |
or NotIn, the | |
values array must | |
be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
If the operator | |
is Gt or Lt, the | |
values array must | |
have a single | |
element, which | |
will be interpreted | |
as an integer. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
type: object | |
weight: | |
description: Weight associated | |
with matching the corresponding | |
nodeSelectorTerm, in the | |
range 1-100. | |
format: int32 | |
type: integer | |
required: | |
- preference | |
- weight | |
type: object | |
type: array | |
requiredDuringSchedulingIgnoredDuringExecution: | |
description: If the affinity requirements | |
specified by this field are not | |
met at scheduling time, the pod | |
will not be scheduled onto the | |
node. If the affinity requirements | |
specified by this field cease | |
to be met at some point during | |
pod execution (e.g. due to an | |
update), the system may or may | |
not try to eventually evict the | |
pod from its node. | |
properties: | |
nodeSelectorTerms: | |
description: Required. A list | |
of node selector terms. The | |
terms are ORed. | |
items: | |
description: A null or empty | |
node selector term matches | |
no objects. The requirements | |
of them are ANDed. The TopologySelectorTerm | |
type implements a subset | |
of the NodeSelectorTerm. | |
properties: | |
matchExpressions: | |
description: A list of | |
node selector requirements | |
by node's labels. | |
items: | |
description: A node | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: The | |
label key that | |
the selector applies | |
to. | |
type: string | |
operator: | |
description: Represents | |
a key's relationship | |
to a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists, DoesNotExist. | |
Gt, and Lt. | |
type: string | |
values: | |
description: An | |
array of string | |
values. If the | |
operator is In | |
or NotIn, the | |
values array must | |
be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
If the operator | |
is Gt or Lt, the | |
values array must | |
have a single | |
element, which | |
will be interpreted | |
as an integer. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchFields: | |
description: A list of | |
node selector requirements | |
by node's fields. | |
items: | |
description: A node | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: The | |
label key that | |
the selector applies | |
to. | |
type: string | |
operator: | |
description: Represents | |
a key's relationship | |
to a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists, DoesNotExist. | |
Gt, and Lt. | |
type: string | |
values: | |
description: An | |
array of string | |
values. If the | |
operator is In | |
or NotIn, the | |
values array must | |
be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
If the operator | |
is Gt or Lt, the | |
values array must | |
have a single | |
element, which | |
will be interpreted | |
as an integer. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
type: object | |
type: array | |
required: | |
- nodeSelectorTerms | |
type: object | |
type: object | |
podAffinity: | |
description: Describes pod affinity | |
scheduling rules (e.g. co-locate this | |
pod in the same node, zone, etc. as | |
some other pod(s)). | |
properties: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
description: The scheduler will | |
prefer to schedule pods to nodes | |
that satisfy the affinity expressions | |
specified by this field, but it | |
may choose a node that violates | |
one or more of the expressions. | |
The node that is most preferred | |
is the one with the greatest sum | |
of weights, i.e. for each node | |
that meets all of the scheduling | |
requirements (resource request, | |
requiredDuringScheduling affinity | |
expressions, etc.), compute a | |
sum by iterating through the elements | |
of this field and adding "weight" | |
to the sum if the node has pods | |
which matches the corresponding | |
podAffinityTerm; the node(s) with | |
the highest sum are the most preferred. | |
items: | |
description: The weights of all | |
of the matched WeightedPodAffinityTerm | |
fields are added per-node to | |
find the most preferred node(s) | |
properties: | |
podAffinityTerm: | |
description: Required. A pod | |
affinity term, associated | |
with the corresponding weight. | |
properties: | |
labelSelector: | |
description: A label query | |
over a set of resources, | |
in this case pods. | |
properties: | |
matchExpressions: | |
description: matchExpressions | |
is a list of label | |
selector requirements. | |
The requirements | |
are ANDed. | |
items: | |
description: A label | |
selector requirement | |
is a selector | |
that contains | |
values, a key, | |
and an operator | |
that relates the | |
key and values. | |
properties: | |
key: | |
description: key | |
is the label | |
key that the | |
selector applies | |
to. | |
type: string | |
operator: | |
description: operator | |
represents | |
a key's relationship | |
to a set of | |
values. Valid | |
operators | |
are In, NotIn, | |
Exists and | |
DoesNotExist. | |
type: string | |
values: | |
description: values | |
is an array | |
of string | |
values. If | |
the operator | |
is In or NotIn, | |
the values | |
array must | |
be non-empty. | |
If the operator | |
is Exists | |
or DoesNotExist, | |
the values | |
array must | |
be empty. | |
This array | |
is replaced | |
during a strategic | |
merge patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels | |
is a map of {key,value} | |
pairs. A single | |
{key,value} in the | |
matchLabels map | |
is equivalent to | |
an element of matchExpressions, | |
whose key field | |
is "key", the operator | |
is "In", and the | |
values array contains | |
only "value". The | |
requirements are | |
ANDed. | |
type: object | |
type: object | |
namespaces: | |
description: namespaces | |
specifies which namespaces | |
the labelSelector applies | |
to (matches against); | |
null or empty list means | |
"this pod's namespace" | |
items: | |
type: string | |
type: array | |
topologyKey: | |
description: This pod | |
should be co-located | |
(affinity) or not co-located | |
(anti-affinity) with | |
the pods matching the | |
labelSelector in the | |
specified namespaces, | |
where co-located is | |
defined as running on | |
a node whose value of | |
the label with key topologyKey | |
matches that of any | |
node on which any of | |
the selected pods is | |
running. Empty topologyKey | |
is not allowed. | |
type: string | |
required: | |
- topologyKey | |
type: object | |
weight: | |
description: weight associated | |
with matching the corresponding | |
podAffinityTerm, in the | |
range 1-100. | |
format: int32 | |
type: integer | |
required: | |
- podAffinityTerm | |
- weight | |
type: object | |
type: array | |
requiredDuringSchedulingIgnoredDuringExecution: | |
description: If the affinity requirements | |
specified by this field are not | |
met at scheduling time, the pod | |
will not be scheduled onto the | |
node. If the affinity requirements | |
specified by this field cease | |
to be met at some point during | |
pod execution (e.g. due to a pod | |
label update), the system may | |
or may not try to eventually evict | |
the pod from its node. When there | |
are multiple elements, the lists | |
of nodes corresponding to each | |
podAffinityTerm are intersected, | |
i.e. all terms must be satisfied. | |
items: | |
description: Defines a set of | |
pods (namely those matching | |
the labelSelector relative to | |
the given namespace(s)) that | |
this pod should be co-located | |
(affinity) or not co-located | |
(anti-affinity) with, where | |
co-located is defined as running | |
on a node whose value of the | |
label with key <topologyKey> | |
matches that of any node on | |
which a pod of the set of pods | |
is running | |
properties: | |
labelSelector: | |
description: A label query | |
over a set of resources, | |
in this case pods. | |
properties: | |
matchExpressions: | |
description: matchExpressions | |
is a list of label selector | |
requirements. The requirements | |
are ANDed. | |
items: | |
description: A label | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: key | |
is the label key | |
that the selector | |
applies to. | |
type: string | |
operator: | |
description: operator | |
represents a key's | |
relationship to | |
a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists and DoesNotExist. | |
type: string | |
values: | |
description: values | |
is an array of | |
string values. | |
If the operator | |
is In or NotIn, | |
the values array | |
must be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels | |
is a map of {key,value} | |
pairs. A single {key,value} | |
in the matchLabels map | |
is equivalent to an | |
element of matchExpressions, | |
whose key field is "key", | |
the operator is "In", | |
and the values array | |
contains only "value". | |
The requirements are | |
ANDed. | |
type: object | |
type: object | |
namespaces: | |
description: namespaces specifies | |
which namespaces the labelSelector | |
applies to (matches against); | |
null or empty list means | |
"this pod's namespace" | |
items: | |
type: string | |
type: array | |
topologyKey: | |
description: This pod should | |
be co-located (affinity) | |
or not co-located (anti-affinity) | |
with the pods matching the | |
labelSelector in the specified | |
namespaces, where co-located | |
is defined as running on | |
a node whose value of the | |
label with key topologyKey | |
matches that of any node | |
on which any of the selected | |
pods is running. Empty topologyKey | |
is not allowed. | |
type: string | |
required: | |
- topologyKey | |
type: object | |
type: array | |
type: object | |
podAntiAffinity: | |
description: Describes pod anti-affinity | |
scheduling rules (e.g. avoid putting | |
this pod in the same node, zone, etc. | |
as some other pod(s)). | |
properties: | |
preferredDuringSchedulingIgnoredDuringExecution: | |
description: The scheduler will | |
prefer to schedule pods to nodes | |
that satisfy the anti-affinity | |
expressions specified by this | |
field, but it may choose a node | |
that violates one or more of the | |
expressions. The node that is | |
most preferred is the one with | |
the greatest sum of weights, i.e. | |
for each node that meets all of | |
the scheduling requirements (resource | |
request, requiredDuringScheduling | |
anti-affinity expressions, etc.), | |
compute a sum by iterating through | |
the elements of this field and | |
adding "weight" to the sum if | |
the node has pods which matches | |
the corresponding podAffinityTerm; | |
the node(s) with the highest sum | |
are the most preferred. | |
items: | |
description: The weights of all | |
of the matched WeightedPodAffinityTerm | |
fields are added per-node to | |
find the most preferred node(s) | |
properties: | |
podAffinityTerm: | |
description: Required. A pod | |
affinity term, associated | |
with the corresponding weight. | |
properties: | |
labelSelector: | |
description: A label query | |
over a set of resources, | |
in this case pods. | |
properties: | |
matchExpressions: | |
description: matchExpressions | |
is a list of label | |
selector requirements. | |
The requirements | |
are ANDed. | |
items: | |
description: A label | |
selector requirement | |
is a selector | |
that contains | |
values, a key, | |
and an operator | |
that relates the | |
key and values. | |
properties: | |
key: | |
description: key | |
is the label | |
key that the | |
selector applies | |
to. | |
type: string | |
operator: | |
description: operator | |
represents | |
a key's relationship | |
to a set of | |
values. Valid | |
operators | |
are In, NotIn, | |
Exists and | |
DoesNotExist. | |
type: string | |
values: | |
description: values | |
is an array | |
of string | |
values. If | |
the operator | |
is In or NotIn, | |
the values | |
array must | |
be non-empty. | |
If the operator | |
is Exists | |
or DoesNotExist, | |
the values | |
array must | |
be empty. | |
This array | |
is replaced | |
during a strategic | |
merge patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels | |
is a map of {key,value} | |
pairs. A single | |
{key,value} in the | |
matchLabels map | |
is equivalent to | |
an element of matchExpressions, | |
whose key field | |
is "key", the operator | |
is "In", and the | |
values array contains | |
only "value". The | |
requirements are | |
ANDed. | |
type: object | |
type: object | |
namespaces: | |
description: namespaces | |
specifies which namespaces | |
the labelSelector applies | |
to (matches against); | |
null or empty list means | |
"this pod's namespace" | |
items: | |
type: string | |
type: array | |
topologyKey: | |
description: This pod | |
should be co-located | |
(affinity) or not co-located | |
(anti-affinity) with | |
the pods matching the | |
labelSelector in the | |
specified namespaces, | |
where co-located is | |
defined as running on | |
a node whose value of | |
the label with key topologyKey | |
matches that of any | |
node on which any of | |
the selected pods is | |
running. Empty topologyKey | |
is not allowed. | |
type: string | |
required: | |
- topologyKey | |
type: object | |
weight: | |
description: weight associated | |
with matching the corresponding | |
podAffinityTerm, in the | |
range 1-100. | |
format: int32 | |
type: integer | |
required: | |
- podAffinityTerm | |
- weight | |
type: object | |
type: array | |
requiredDuringSchedulingIgnoredDuringExecution: | |
description: If the anti-affinity | |
requirements specified by this | |
field are not met at scheduling | |
time, the pod will not be scheduled | |
onto the node. If the anti-affinity | |
requirements specified by this | |
field cease to be met at some | |
point during pod execution (e.g. | |
due to a pod label update), the | |
system may or may not try to eventually | |
evict the pod from its node. When | |
there are multiple elements, the | |
lists of nodes corresponding to | |
each podAffinityTerm are intersected, | |
i.e. all terms must be satisfied. | |
items: | |
description: Defines a set of | |
pods (namely those matching | |
the labelSelector relative to | |
the given namespace(s)) that | |
this pod should be co-located | |
(affinity) or not co-located | |
(anti-affinity) with, where | |
co-located is defined as running | |
on a node whose value of the | |
label with key <topologyKey> | |
matches that of any node on | |
which a pod of the set of pods | |
is running | |
properties: | |
labelSelector: | |
description: A label query | |
over a set of resources, | |
in this case pods. | |
properties: | |
matchExpressions: | |
description: matchExpressions | |
is a list of label selector | |
requirements. The requirements | |
are ANDed. | |
items: | |
description: A label | |
selector requirement | |
is a selector that | |
contains values, a | |
key, and an operator | |
that relates the key | |
and values. | |
properties: | |
key: | |
description: key | |
is the label key | |
that the selector | |
applies to. | |
type: string | |
operator: | |
description: operator | |
represents a key's | |
relationship to | |
a set of values. | |
Valid operators | |
are In, NotIn, | |
Exists and DoesNotExist. | |
type: string | |
values: | |
description: values | |
is an array of | |
string values. | |
If the operator | |
is In or NotIn, | |
the values array | |
must be non-empty. | |
If the operator | |
is Exists or DoesNotExist, | |
the values array | |
must be empty. | |
This array is | |
replaced during | |
a strategic merge | |
patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels | |
is a map of {key,value} | |
pairs. A single {key,value} | |
in the matchLabels map | |
is equivalent to an | |
element of matchExpressions, | |
whose key field is "key", | |
the operator is "In", | |
and the values array | |
contains only "value". | |
The requirements are | |
ANDed. | |
type: object | |
type: object | |
namespaces: | |
description: namespaces specifies | |
which namespaces the labelSelector | |
applies to (matches against); | |
null or empty list means | |
"this pod's namespace" | |
items: | |
type: string | |
type: array | |
topologyKey: | |
description: This pod should | |
be co-located (affinity) | |
or not co-located (anti-affinity) | |
with the pods matching the | |
labelSelector in the specified | |
namespaces, where co-located | |
is defined as running on | |
a node whose value of the | |
label with key topologyKey | |
matches that of any node | |
on which any of the selected | |
pods is running. Empty topologyKey | |
is not allowed. | |
type: string | |
required: | |
- topologyKey | |
type: object | |
type: array | |
type: object | |
type: object | |
automountServiceAccountToken: | |
description: AutomountServiceAccountToken | |
indicates whether a service account token | |
should be automatically mounted. | |
type: boolean | |
containers: | |
description: List of containers belonging | |
to the pod. Containers cannot currently | |
be added or removed. There must be at | |
least one container in a Pod. Cannot be | |
updated. | |
items: | |
description: A single application container | |
that you want to run within a pod. | |
properties: | |
args: | |
description: 'Arguments to the entrypoint. | |
The docker image''s CMD is used | |
if this is not provided. Variable | |
references $(VAR_NAME) are expanded | |
using the container''s environment. | |
If a variable cannot be resolved, | |
the reference in the input string | |
will be unchanged. The $(VAR_NAME) | |
syntax can be escaped with a double | |
$$, ie: $$(VAR_NAME). Escaped references | |
will never be expanded, regardless | |
of whether the variable exists or | |
not. Cannot be updated. More info: | |
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
command: | |
description: 'Entrypoint array. Not | |
executed within a shell. The docker | |
image''s ENTRYPOINT is used if this | |
is not provided. Variable references | |
$(VAR_NAME) are expanded using the | |
container''s environment. If a variable | |
cannot be resolved, the reference | |
in the input string will be unchanged. | |
The $(VAR_NAME) syntax can be escaped | |
with a double $$, ie: $$(VAR_NAME). | |
Escaped references will never be | |
expanded, regardless of whether | |
the variable exists or not. Cannot | |
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
env: | |
description: List of environment variables | |
to set in the container. Cannot | |
be updated. | |
items: | |
description: EnvVar represents an | |
environment variable present in | |
a Container. | |
properties: | |
name: | |
description: Name of the environment | |
variable. Must be a C_IDENTIFIER. | |
type: string | |
value: | |
description: 'Variable references | |
$(VAR_NAME) are expanded using | |
the previous defined environment | |
variables in the container | |
and any service environment | |
variables. If a variable cannot | |
be resolved, the reference | |
in the input string will be | |
unchanged. The $(VAR_NAME) | |
syntax can be escaped with | |
a double $$, ie: $$(VAR_NAME). | |
Escaped references will never | |
be expanded, regardless of | |
whether the variable exists | |
or not. Defaults to "".' | |
type: string | |
valueFrom: | |
description: Source for the | |
environment variable's value. | |
Cannot be used if value is | |
not empty. | |
properties: | |
configMapKeyRef: | |
description: Selects a key | |
of a ConfigMap. | |
properties: | |
key: | |
description: The key | |
to select. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the ConfigMap | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
fieldRef: | |
description: 'Selects a | |
field of the pod: supports | |
metadata.name, metadata.namespace, | |
metadata.labels, metadata.annotations, | |
spec.nodeName, spec.serviceAccountName, | |
status.hostIP, status.podIP.' | |
properties: | |
apiVersion: | |
description: Version | |
of the schema the | |
FieldPath is written | |
in terms of, defaults | |
to "v1". | |
type: string | |
fieldPath: | |
description: Path of | |
the field to select | |
in the specified API | |
version. | |
type: string | |
required: | |
- fieldPath | |
type: object | |
resourceFieldRef: | |
description: 'Selects a | |
resource of the container: | |
only resources limits | |
and requests (limits.cpu, | |
limits.memory, limits.ephemeral-storage, | |
requests.cpu, requests.memory | |
and requests.ephemeral-storage) | |
are currently supported.' | |
properties: | |
containerName: | |
description: 'Container | |
name: required for | |
volumes, optional | |
for env vars' | |
type: string | |
divisor: | |
description: Specifies | |
the output format | |
of the exposed resources, | |
defaults to "1" | |
type: string | |
resource: | |
description: 'Required: | |
resource to select' | |
type: string | |
required: | |
- resource | |
type: object | |
secretKeyRef: | |
description: Selects a key | |
of a secret in the pod's | |
namespace | |
properties: | |
key: | |
description: The key | |
of the secret to select | |
from. Must be a valid | |
secret key. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the Secret | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
type: object | |
required: | |
- name | |
type: object | |
type: array | |
envFrom: | |
description: List of sources to populate | |
environment variables in the container. | |
The keys defined within a source | |
must be a C_IDENTIFIER. All invalid | |
keys will be reported as an event | |
when the container is starting. | |
When a key exists in multiple sources, | |
the value associated with the last | |
source will take precedence. Values | |
defined by an Env with a duplicate | |
key will take precedence. Cannot | |
be updated. | |
items: | |
description: EnvFromSource represents | |
the source of a set of ConfigMaps | |
properties: | |
configMapRef: | |
description: The ConfigMap to | |
select from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the ConfigMap must be | |
defined | |
type: boolean | |
type: object | |
prefix: | |
description: An optional identifier | |
to prepend to each key in | |
the ConfigMap. Must be a C_IDENTIFIER. | |
type: string | |
secretRef: | |
description: The Secret to select | |
from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the Secret must be defined | |
type: boolean | |
type: object | |
type: object | |
type: array | |
image: | |
description: 'Docker image name. More | |
info: https://kubernetes.io/docs/concepts/containers/images | |
This field is optional to allow | |
higher level config management to | |
default or override container images | |
in workload controllers like Deployments | |
and StatefulSets.' | |
type: string | |
imagePullPolicy: | |
description: 'Image pull policy. One | |
of Always, Never, IfNotPresent. | |
Defaults to Always if :latest tag | |
is specified, or IfNotPresent otherwise. | |
Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' | |
type: string | |
lifecycle: | |
description: Actions that the management | |
system should take in response to | |
container lifecycle events. Cannot | |
be updated. | |
properties: | |
postStart: | |
description: 'PostStart is called | |
immediately after a container | |
is created. If the handler fails, | |
the container is terminated | |
and restarted according to its | |
restart policy. Other management | |
of the container blocks until | |
the hook completes. More info: | |
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: integer | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: integer | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
preStop: | |
description: 'PreStop is called | |
immediately before a container | |
is terminated due to an API | |
request or management event | |
such as liveness/startup probe | |
failure, preemption, resource | |
contention, etc. The handler | |
is not called if the container | |
crashes or exits. The reason | |
for termination is passed to | |
the handler. The Pod''s termination | |
grace period countdown begins | |
before the PreStop hooked is | |
executed. Regardless of the | |
outcome of the handler, the | |
container will eventually terminate | |
within the Pod''s termination | |
grace period. Other management | |
of the container blocks until | |
the hook completes or until | |
the termination grace period | |
is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
type: object | |
livenessProbe: | |
description: 'Periodic probe of container | |
liveness. Container will be restarted | |
if the probe fails. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
name: | |
description: Name of the container | |
specified as a DNS_LABEL. Each container | |
in a pod must have a unique name | |
(DNS_LABEL). Cannot be updated. | |
type: string | |
ports: | |
description: List of ports to expose | |
from the container. Exposing a port | |
here gives the system additional | |
information about the network connections | |
a container uses, but is primarily | |
informational. Not specifying a | |
port here DOES NOT prevent that | |
port from being exposed. Any port | |
which is listening on the default | |
"0.0.0.0" address inside a container | |
will be accessible from the network. | |
Cannot be updated. | |
items: | |
description: ContainerPort represents | |
a network port in a single container. | |
properties: | |
containerPort: | |
description: Number of port | |
to expose on the pod's IP | |
address. This must be a valid | |
port number, 0 < x < 65536. | |
format: int32 | |
type: integer | |
hostIP: | |
description: What host IP to | |
bind the external port to. | |
type: string | |
hostPort: | |
description: Number of port | |
to expose on the host. If | |
specified, this must be a | |
valid port number, 0 < x < | |
65536. If HostNetwork is specified, | |
this must match ContainerPort. | |
Most containers do not need | |
this. | |
format: int32 | |
type: integer | |
name: | |
description: If specified, this | |
must be an IANA_SVC_NAME and | |
unique within the pod. Each | |
named port in a pod must have | |
a unique name. Name for the | |
port that can be referred | |
to by services. | |
type: string | |
protocol: | |
description: Protocol for port. | |
Must be UDP, TCP, or SCTP. | |
Defaults to "TCP". | |
type: string | |
required: | |
- containerPort | |
type: object | |
type: array | |
readinessProbe: | |
description: 'Periodic probe of container | |
service readiness. Container will | |
be removed from service endpoints | |
if the probe fails. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
resources: | |
description: 'Compute Resources required | |
by this container. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
properties: | |
limits: | |
additionalProperties: | |
type: string | |
description: 'Limits describes | |
the maximum amount of compute | |
resources allowed. More info: | |
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
requests: | |
additionalProperties: | |
type: string | |
description: 'Requests describes | |
the minimum amount of compute | |
resources required. If Requests | |
is omitted for a container, | |
it defaults to Limits if that | |
is explicitly specified, otherwise | |
to an implementation-defined | |
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
type: object | |
securityContext: | |
description: 'Security options the | |
pod should run with. More info: | |
https://kubernetes.io/docs/concepts/policy/security-context/ | |
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' | |
properties: | |
allowPrivilegeEscalation: | |
description: 'AllowPrivilegeEscalation | |
controls whether a process can | |
gain more privileges than its | |
parent process. This bool directly | |
controls if the no_new_privs | |
flag will be set on the container | |
process. AllowPrivilegeEscalation | |
is true always when the container | |
is: 1) run as Privileged 2) | |
has CAP_SYS_ADMIN' | |
type: boolean | |
capabilities: | |
description: The capabilities | |
to add/drop when running containers. | |
Defaults to the default set | |
of capabilities granted by the | |
container runtime. | |
properties: | |
add: | |
description: Added capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
drop: | |
description: Removed capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
type: object | |
privileged: | |
description: Run container in | |
privileged mode. Processes in | |
privileged containers are essentially | |
equivalent to root on the host. | |
Defaults to false. | |
type: boolean | |
procMount: | |
description: procMount denotes | |
the type of proc mount to use | |
for the containers. The default | |
is DefaultProcMount which uses | |
the container runtime defaults | |
for readonly paths and masked | |
paths. This requires the ProcMountType | |
feature flag to be enabled. | |
type: string | |
readOnlyRootFilesystem: | |
description: Whether this container | |
has a read-only root filesystem. | |
Default is false. | |
type: boolean | |
runAsGroup: | |
description: The GID to run the | |
entrypoint of the container | |
process. Uses runtime default | |
if unset. May also be set in | |
PodSecurityContext. If set | |
in both SecurityContext and | |
PodSecurityContext, the value | |
specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
runAsNonRoot: | |
description: Indicates that the | |
container must run as a non-root | |
user. If true, the Kubelet will | |
validate the image at runtime | |
to ensure that it does not run | |
as UID 0 (root) and fail to | |
start the container if it does. | |
If unset or false, no such validation | |
will be performed. May also | |
be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
type: boolean | |
runAsUser: | |
description: The UID to run the | |
entrypoint of the container | |
process. Defaults to user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
seLinuxOptions: | |
description: The SELinux context | |
to be applied to the container. | |
If unspecified, the container | |
runtime will allocate a random | |
SELinux context for each container. May | |
also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
properties: | |
level: | |
description: Level is SELinux | |
level label that applies | |
to the container. | |
type: string | |
role: | |
description: Role is a SELinux | |
role label that applies | |
to the container. | |
type: string | |
type: | |
description: Type is a SELinux | |
type label that applies | |
to the container. | |
type: string | |
user: | |
description: User is a SELinux | |
user label that applies | |
to the container. | |
type: string | |
type: object | |
windowsOptions: | |
description: The Windows specific | |
settings applied to all containers. | |
If unspecified, the options | |
from the PodSecurityContext | |
will be used. If set in both | |
SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. | |
properties: | |
gmsaCredentialSpec: | |
description: GMSACredentialSpec | |
is where the GMSA admission | |
webhook (https://github.com/kubernetes-sigs/windows-gmsa) | |
inlines the contents of | |
the GMSA credential spec | |
named by the GMSACredentialSpecName | |
field. This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
gmsaCredentialSpecName: | |
description: GMSACredentialSpecName | |
is the name of the GMSA | |
credential spec to use. | |
This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
runAsUserName: | |
description: The UserName | |
in Windows to run the entrypoint | |
of the container process. | |
Defaults to the user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. | |
If set in both SecurityContext | |
and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. This field | |
is alpha-level and it is | |
only honored by servers | |
that enable the WindowsRunAsUserName | |
feature flag. | |
type: string | |
type: object | |
type: object | |
startupProbe: | |
description: 'StartupProbe indicates | |
that the Pod has successfully initialized. | |
If specified, no other probes are | |
executed until this completes successfully. | |
If this probe fails, the Pod will | |
be restarted, just as if the livenessProbe | |
failed. This can be used to provide | |
different probe parameters at the | |
beginning of a Pod''s lifecycle, | |
when it might take a long time to | |
load data or warm a cache, than | |
during steady-state operation. This | |
cannot be updated. This is an alpha | |
feature enabled by the StartupProbe | |
feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
stdin: | |
description: Whether this container | |
should allocate a buffer for stdin | |
in the container runtime. If this | |
is not set, reads from stdin in | |
the container will always result | |
in EOF. Default is false. | |
type: boolean | |
stdinOnce: | |
description: Whether the container | |
runtime should close the stdin channel | |
after it has been opened by a single | |
attach. When stdin is true the stdin | |
stream will remain open across multiple | |
attach sessions. If stdinOnce is | |
set to true, stdin is opened on | |
container start, is empty until | |
the first client attaches to stdin, | |
and then remains open and accepts | |
data until the client disconnects, | |
at which time stdin is closed and | |
remains closed until the container | |
is restarted. If this flag is false, | |
a container processes that reads | |
from stdin will never receive an | |
EOF. Default is false | |
type: boolean | |
terminationMessagePath: | |
description: 'Optional: Path at which | |
the file to which the container''s | |
termination message will be written | |
is mounted into the container''s | |
filesystem. Message written is intended | |
to be brief final status, such as | |
an assertion failure message. Will | |
be truncated by the node if greater | |
than 4096 bytes. The total message | |
length across all containers will | |
be limited to 12kb. Defaults to | |
/dev/termination-log. Cannot be | |
updated.' | |
type: string | |
terminationMessagePolicy: | |
description: Indicate how the termination | |
message should be populated. File | |
will use the contents of terminationMessagePath | |
to populate the container status | |
message on both success and failure. | |
FallbackToLogsOnError will use the | |
last chunk of container log output | |
if the termination message file | |
is empty and the container exited | |
with an error. The log output is | |
limited to 2048 bytes or 80 lines, | |
whichever is smaller. Defaults to | |
File. Cannot be updated. | |
type: string | |
tty: | |
description: Whether this container | |
should allocate a TTY for itself, | |
also requires 'stdin' to be true. | |
Default is false. | |
type: boolean | |
volumeDevices: | |
description: volumeDevices is the | |
list of block devices to be used | |
by the container. This is a beta | |
feature. | |
items: | |
description: volumeDevice describes | |
a mapping of a raw block device | |
within a container. | |
properties: | |
devicePath: | |
description: devicePath is the | |
path inside of the container | |
that the device will be mapped | |
to. | |
type: string | |
name: | |
description: name must match | |
the name of a persistentVolumeClaim | |
in the pod | |
type: string | |
required: | |
- devicePath | |
- name | |
type: object | |
type: array | |
volumeMounts: | |
description: Pod volumes to mount | |
into the container's filesystem. | |
Cannot be updated. | |
items: | |
description: VolumeMount describes | |
a mounting of a Volume within | |
a container. | |
properties: | |
mountPath: | |
description: Path within the | |
container at which the volume | |
should be mounted. Must not | |
contain ':'. | |
type: string | |
mountPropagation: | |
description: mountPropagation | |
determines how mounts are | |
propagated from the host to | |
container and the other way | |
around. When not set, MountPropagationNone | |
is used. This field is beta | |
in 1.10. | |
type: string | |
name: | |
description: This must match | |
the Name of a Volume. | |
type: string | |
readOnly: | |
description: Mounted read-only | |
if true, read-write otherwise | |
(false or unspecified). Defaults | |
to false. | |
type: boolean | |
subPath: | |
description: Path within the | |
volume from which the container's | |
volume should be mounted. | |
Defaults to "" (volume's root). | |
type: string | |
subPathExpr: | |
description: Expanded path within | |
the volume from which the | |
container's volume should | |
be mounted. Behaves similarly | |
to SubPath but environment | |
variable references $(VAR_NAME) | |
are expanded using the container's | |
environment. Defaults to "" | |
(volume's root). SubPathExpr | |
and SubPath are mutually exclusive. | |
This field is beta in 1.15. | |
type: string | |
required: | |
- mountPath | |
- name | |
type: object | |
type: array | |
workingDir: | |
description: Container's working directory. | |
If not specified, the container | |
runtime's default will be used, | |
which might be configured in the | |
container image. Cannot be updated. | |
type: string | |
required: | |
- name | |
type: object | |
type: array | |
dnsConfig: | |
description: Specifies the DNS parameters | |
of a pod. Parameters specified here will | |
be merged to the generated DNS configuration | |
based on DNSPolicy. | |
properties: | |
nameservers: | |
description: A list of DNS name server | |
IP addresses. This will be appended | |
to the base nameservers generated | |
from DNSPolicy. Duplicated nameservers | |
will be removed. | |
items: | |
type: string | |
type: array | |
options: | |
description: A list of DNS resolver | |
options. This will be merged with | |
the base options generated from DNSPolicy. | |
Duplicated entries will be removed. | |
Resolution options given in Options | |
will override those that appear in | |
the base DNSPolicy. | |
items: | |
description: PodDNSConfigOption defines | |
DNS resolver options of a pod. | |
properties: | |
name: | |
description: Required. | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
searches: | |
description: A list of DNS search domains | |
for host-name lookup. This will be | |
appended to the base search paths | |
generated from DNSPolicy. Duplicated | |
search paths will be removed. | |
items: | |
type: string | |
type: array | |
type: object | |
dnsPolicy: | |
description: Set DNS policy for the pod. | |
Defaults to "ClusterFirst". Valid values | |
are 'ClusterFirstWithHostNet', 'ClusterFirst', | |
'Default' or 'None'. DNS parameters given | |
in DNSConfig will be merged with the policy | |
selected with DNSPolicy. To have DNS options | |
set along with hostNetwork, you have to | |
specify DNS policy explicitly to 'ClusterFirstWithHostNet'. | |
type: string | |
enableServiceLinks: | |
description: 'EnableServiceLinks indicates | |
whether information about services should | |
be injected into pod''s environment variables, | |
matching the syntax of Docker links. Optional: | |
Defaults to true.' | |
type: boolean | |
ephemeralContainers: | |
description: List of ephemeral containers | |
run in this pod. Ephemeral containers | |
may be run in an existing pod to perform | |
user-initiated actions such as debugging. | |
This list cannot be specified when creating | |
a pod, and it cannot be modified by updating | |
the pod spec. In order to add an ephemeral | |
container to an existing pod, use the | |
pod's ephemeralcontainers subresource. | |
This field is alpha-level and is only | |
honored by servers that enable the EphemeralContainers | |
feature. | |
items: | |
description: An EphemeralContainer is | |
a container that may be added temporarily | |
to an existing pod for user-initiated | |
activities such as debugging. Ephemeral | |
containers have no resource or scheduling | |
guarantees, and they will not be restarted | |
when they exit or when a pod is removed | |
or restarted. If an ephemeral container | |
causes a pod to exceed its resource | |
allocation, the pod may be evicted. | |
Ephemeral containers may not be added | |
by directly updating the pod spec. They | |
must be added via the pod's ephemeralcontainers | |
subresource, and they will appear in | |
the pod spec once added. This is an | |
alpha feature enabled by the EphemeralContainers | |
feature flag. | |
properties: | |
args: | |
description: 'Arguments to the entrypoint. | |
The docker image''s CMD is used | |
if this is not provided. Variable | |
references $(VAR_NAME) are expanded | |
using the container''s environment. | |
If a variable cannot be resolved, | |
the reference in the input string | |
will be unchanged. The $(VAR_NAME) | |
syntax can be escaped with a double | |
$$, ie: $$(VAR_NAME). Escaped references | |
will never be expanded, regardless | |
of whether the variable exists or | |
not. Cannot be updated. More info: | |
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
command: | |
description: 'Entrypoint array. Not | |
executed within a shell. The docker | |
image''s ENTRYPOINT is used if this | |
is not provided. Variable references | |
$(VAR_NAME) are expanded using the | |
container''s environment. If a variable | |
cannot be resolved, the reference | |
in the input string will be unchanged. | |
The $(VAR_NAME) syntax can be escaped | |
with a double $$, ie: $$(VAR_NAME). | |
Escaped references will never be | |
expanded, regardless of whether | |
the variable exists or not. Cannot | |
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
env: | |
description: List of environment variables | |
to set in the container. Cannot | |
be updated. | |
items: | |
description: EnvVar represents an | |
environment variable present in | |
a Container. | |
properties: | |
name: | |
description: Name of the environment | |
variable. Must be a C_IDENTIFIER. | |
type: string | |
value: | |
description: 'Variable references | |
$(VAR_NAME) are expanded using | |
the previous defined environment | |
variables in the container | |
and any service environment | |
variables. If a variable cannot | |
be resolved, the reference | |
in the input string will be | |
unchanged. The $(VAR_NAME) | |
syntax can be escaped with | |
a double $$, ie: $$(VAR_NAME). | |
Escaped references will never | |
be expanded, regardless of | |
whether the variable exists | |
or not. Defaults to "".' | |
type: string | |
valueFrom: | |
description: Source for the | |
environment variable's value. | |
Cannot be used if value is | |
not empty. | |
properties: | |
configMapKeyRef: | |
description: Selects a key | |
of a ConfigMap. | |
properties: | |
key: | |
description: The key | |
to select. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the ConfigMap | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
fieldRef: | |
description: 'Selects a | |
field of the pod: supports | |
metadata.name, metadata.namespace, | |
metadata.labels, metadata.annotations, | |
spec.nodeName, spec.serviceAccountName, | |
status.hostIP, status.podIP.' | |
properties: | |
apiVersion: | |
description: Version | |
of the schema the | |
FieldPath is written | |
in terms of, defaults | |
to "v1". | |
type: string | |
fieldPath: | |
description: Path of | |
the field to select | |
in the specified API | |
version. | |
type: string | |
required: | |
- fieldPath | |
type: object | |
resourceFieldRef: | |
description: 'Selects a | |
resource of the container: | |
only resources limits | |
and requests (limits.cpu, | |
limits.memory, limits.ephemeral-storage, | |
requests.cpu, requests.memory | |
and requests.ephemeral-storage) | |
are currently supported.' | |
properties: | |
containerName: | |
description: 'Container | |
name: required for | |
volumes, optional | |
for env vars' | |
type: string | |
divisor: | |
description: Specifies | |
the output format | |
of the exposed resources, | |
defaults to "1" | |
type: string | |
resource: | |
description: 'Required: | |
resource to select' | |
type: string | |
required: | |
- resource | |
type: object | |
secretKeyRef: | |
description: Selects a key | |
of a secret in the pod's | |
namespace | |
properties: | |
key: | |
description: The key | |
of the secret to select | |
from. Must be a valid | |
secret key. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the Secret | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
type: object | |
required: | |
- name | |
type: object | |
type: array | |
envFrom: | |
description: List of sources to populate | |
environment variables in the container. | |
The keys defined within a source | |
must be a C_IDENTIFIER. All invalid | |
keys will be reported as an event | |
when the container is starting. | |
When a key exists in multiple sources, | |
the value associated with the last | |
source will take precedence. Values | |
defined by an Env with a duplicate | |
key will take precedence. Cannot | |
be updated. | |
items: | |
description: EnvFromSource represents | |
the source of a set of ConfigMaps | |
properties: | |
configMapRef: | |
description: The ConfigMap to | |
select from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the ConfigMap must be | |
defined | |
type: boolean | |
type: object | |
prefix: | |
description: An optional identifier | |
to prepend to each key in | |
the ConfigMap. Must be a C_IDENTIFIER. | |
type: string | |
secretRef: | |
description: The Secret to select | |
from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the Secret must be defined | |
type: boolean | |
type: object | |
type: object | |
type: array | |
image: | |
description: 'Docker image name. More | |
info: https://kubernetes.io/docs/concepts/containers/images' | |
type: string | |
imagePullPolicy: | |
description: 'Image pull policy. One | |
of Always, Never, IfNotPresent. | |
Defaults to Always if :latest tag | |
is specified, or IfNotPresent otherwise. | |
Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' | |
type: string | |
lifecycle: | |
description: Lifecycle is not allowed | |
for ephemeral containers. | |
properties: | |
postStart: | |
description: 'PostStart is called | |
immediately after a container | |
is created. If the handler fails, | |
the container is terminated | |
and restarted according to its | |
restart policy. Other management | |
of the container blocks until | |
the hook completes. More info: | |
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
preStop: | |
description: 'PreStop is called | |
immediately before a container | |
is terminated due to an API | |
request or management event | |
such as liveness/startup probe | |
failure, preemption, resource | |
contention, etc. The handler | |
is not called if the container | |
crashes or exits. The reason | |
for termination is passed to | |
the handler. The Pod''s termination | |
grace period countdown begins | |
before the PreStop hooked is | |
executed. Regardless of the | |
outcome of the handler, the | |
container will eventually terminate | |
within the Pod''s termination | |
grace period. Other management | |
of the container blocks until | |
the hook completes or until | |
the termination grace period | |
is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
type: object | |
livenessProbe: | |
description: Probes are not allowed | |
for ephemeral containers. | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
name: | |
description: Name of the ephemeral | |
container specified as a DNS_LABEL. | |
This name must be unique among all | |
containers, init containers and | |
ephemeral containers. | |
type: string | |
ports: | |
description: Ports are not allowed | |
for ephemeral containers. | |
items: | |
description: ContainerPort represents | |
a network port in a single container. | |
properties: | |
containerPort: | |
description: Number of port | |
to expose on the pod's IP | |
address. This must be a valid | |
port number, 0 < x < 65536. | |
format: int32 | |
type: integer | |
hostIP: | |
description: What host IP to | |
bind the external port to. | |
type: string | |
hostPort: | |
description: Number of port | |
to expose on the host. If | |
specified, this must be a | |
valid port number, 0 < x < | |
65536. If HostNetwork is specified, | |
this must match ContainerPort. | |
Most containers do not need | |
this. | |
format: int32 | |
type: integer | |
name: | |
description: If specified, this | |
must be an IANA_SVC_NAME and | |
unique within the pod. Each | |
named port in a pod must have | |
a unique name. Name for the | |
port that can be referred | |
to by services. | |
type: string | |
protocol: | |
description: Protocol for port. | |
Must be UDP, TCP, or SCTP. | |
Defaults to "TCP". | |
type: string | |
required: | |
- containerPort | |
type: object | |
type: array | |
readinessProbe: | |
description: Probes are not allowed | |
for ephemeral containers. | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
resources: | |
description: Resources are not allowed | |
for ephemeral containers. Ephemeral | |
containers use spare resources already | |
allocated to the pod. | |
properties: | |
limits: | |
additionalProperties: | |
type: string | |
description: 'Limits describes | |
the maximum amount of compute | |
resources allowed. More info: | |
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
requests: | |
additionalProperties: | |
type: string | |
description: 'Requests describes | |
the minimum amount of compute | |
resources required. If Requests | |
is omitted for a container, | |
it defaults to Limits if that | |
is explicitly specified, otherwise | |
to an implementation-defined | |
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
type: object | |
securityContext: | |
description: SecurityContext is not | |
allowed for ephemeral containers. | |
properties: | |
allowPrivilegeEscalation: | |
description: 'AllowPrivilegeEscalation | |
controls whether a process can | |
gain more privileges than its | |
parent process. This bool directly | |
controls if the no_new_privs | |
flag will be set on the container | |
process. AllowPrivilegeEscalation | |
is true always when the container | |
is: 1) run as Privileged 2) | |
has CAP_SYS_ADMIN' | |
type: boolean | |
capabilities: | |
description: The capabilities | |
to add/drop when running containers. | |
Defaults to the default set | |
of capabilities granted by the | |
container runtime. | |
properties: | |
add: | |
description: Added capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
drop: | |
description: Removed capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
type: object | |
privileged: | |
description: Run container in | |
privileged mode. Processes in | |
privileged containers are essentially | |
equivalent to root on the host. | |
Defaults to false. | |
type: boolean | |
procMount: | |
description: procMount denotes | |
the type of proc mount to use | |
for the containers. The default | |
is DefaultProcMount which uses | |
the container runtime defaults | |
for readonly paths and masked | |
paths. This requires the ProcMountType | |
feature flag to be enabled. | |
type: string | |
readOnlyRootFilesystem: | |
description: Whether this container | |
has a read-only root filesystem. | |
Default is false. | |
type: boolean | |
runAsGroup: | |
description: The GID to run the | |
entrypoint of the container | |
process. Uses runtime default | |
if unset. May also be set in | |
PodSecurityContext. If set | |
in both SecurityContext and | |
PodSecurityContext, the value | |
specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
runAsNonRoot: | |
description: Indicates that the | |
container must run as a non-root | |
user. If true, the Kubelet will | |
validate the image at runtime | |
to ensure that it does not run | |
as UID 0 (root) and fail to | |
start the container if it does. | |
If unset or false, no such validation | |
will be performed. May also | |
be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
type: boolean | |
runAsUser: | |
description: The UID to run the | |
entrypoint of the container | |
process. Defaults to user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
seLinuxOptions: | |
description: The SELinux context | |
to be applied to the container. | |
If unspecified, the container | |
runtime will allocate a random | |
SELinux context for each container. May | |
also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
properties: | |
level: | |
description: Level is SELinux | |
level label that applies | |
to the container. | |
type: string | |
role: | |
description: Role is a SELinux | |
role label that applies | |
to the container. | |
type: string | |
type: | |
description: Type is a SELinux | |
type label that applies | |
to the container. | |
type: string | |
user: | |
description: User is a SELinux | |
user label that applies | |
to the container. | |
type: string | |
type: object | |
windowsOptions: | |
description: The Windows specific | |
settings applied to all containers. | |
If unspecified, the options | |
from the PodSecurityContext | |
will be used. If set in both | |
SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. | |
properties: | |
gmsaCredentialSpec: | |
description: GMSACredentialSpec | |
is where the GMSA admission | |
webhook (https://github.com/kubernetes-sigs/windows-gmsa) | |
inlines the contents of | |
the GMSA credential spec | |
named by the GMSACredentialSpecName | |
field. This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
gmsaCredentialSpecName: | |
description: GMSACredentialSpecName | |
is the name of the GMSA | |
credential spec to use. | |
This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
runAsUserName: | |
description: The UserName | |
in Windows to run the entrypoint | |
of the container process. | |
Defaults to the user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. | |
If set in both SecurityContext | |
and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. This field | |
is alpha-level and it is | |
only honored by servers | |
that enable the WindowsRunAsUserName | |
feature flag. | |
type: string | |
type: object | |
type: object | |
startupProbe: | |
description: Probes are not allowed | |
for ephemeral containers. | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
stdin: | |
description: Whether this container | |
should allocate a buffer for stdin | |
in the container runtime. If this | |
is not set, reads from stdin in | |
the container will always result | |
in EOF. Default is false. | |
type: boolean | |
stdinOnce: | |
description: Whether the container | |
runtime should close the stdin channel | |
after it has been opened by a single | |
attach. When stdin is true the stdin | |
stream will remain open across multiple | |
attach sessions. If stdinOnce is | |
set to true, stdin is opened on | |
container start, is empty until | |
the first client attaches to stdin, | |
and then remains open and accepts | |
data until the client disconnects, | |
at which time stdin is closed and | |
remains closed until the container | |
is restarted. If this flag is false, | |
a container processes that reads | |
from stdin will never receive an | |
EOF. Default is false | |
type: boolean | |
targetContainerName: | |
description: If set, the name of the | |
container from PodSpec that this | |
ephemeral container targets. The | |
ephemeral container will be run | |
in the namespaces (IPC, PID, etc) | |
of this container. If not set then | |
the ephemeral container is run in | |
whatever namespaces are shared for | |
the pod. Note that the container | |
runtime must support this feature. | |
type: string | |
terminationMessagePath: | |
description: 'Optional: Path at which | |
the file to which the container''s | |
termination message will be written | |
is mounted into the container''s | |
filesystem. Message written is intended | |
to be brief final status, such as | |
an assertion failure message. Will | |
be truncated by the node if greater | |
than 4096 bytes. The total message | |
length across all containers will | |
be limited to 12kb. Defaults to | |
/dev/termination-log. Cannot be | |
updated.' | |
type: string | |
terminationMessagePolicy: | |
description: Indicate how the termination | |
message should be populated. File | |
will use the contents of terminationMessagePath | |
to populate the container status | |
message on both success and failure. | |
FallbackToLogsOnError will use the | |
last chunk of container log output | |
if the termination message file | |
is empty and the container exited | |
with an error. The log output is | |
limited to 2048 bytes or 80 lines, | |
whichever is smaller. Defaults to | |
File. Cannot be updated. | |
type: string | |
tty: | |
description: Whether this container | |
should allocate a TTY for itself, | |
also requires 'stdin' to be true. | |
Default is false. | |
type: boolean | |
volumeDevices: | |
description: volumeDevices is the | |
list of block devices to be used | |
by the container. This is a beta | |
feature. | |
items: | |
description: volumeDevice describes | |
a mapping of a raw block device | |
within a container. | |
properties: | |
devicePath: | |
description: devicePath is the | |
path inside of the container | |
that the device will be mapped | |
to. | |
type: string | |
name: | |
description: name must match | |
the name of a persistentVolumeClaim | |
in the pod | |
type: string | |
required: | |
- devicePath | |
- name | |
type: object | |
type: array | |
volumeMounts: | |
description: Pod volumes to mount | |
into the container's filesystem. | |
Cannot be updated. | |
items: | |
description: VolumeMount describes | |
a mounting of a Volume within | |
a container. | |
properties: | |
mountPath: | |
description: Path within the | |
container at which the volume | |
should be mounted. Must not | |
contain ':'. | |
type: string | |
mountPropagation: | |
description: mountPropagation | |
determines how mounts are | |
propagated from the host to | |
container and the other way | |
around. When not set, MountPropagationNone | |
is used. This field is beta | |
in 1.10. | |
type: string | |
name: | |
description: This must match | |
the Name of a Volume. | |
type: string | |
readOnly: | |
description: Mounted read-only | |
if true, read-write otherwise | |
(false or unspecified). Defaults | |
to false. | |
type: boolean | |
subPath: | |
description: Path within the | |
volume from which the container's | |
volume should be mounted. | |
Defaults to "" (volume's root). | |
type: string | |
subPathExpr: | |
description: Expanded path within | |
the volume from which the | |
container's volume should | |
be mounted. Behaves similarly | |
to SubPath but environment | |
variable references $(VAR_NAME) | |
are expanded using the container's | |
environment. Defaults to "" | |
(volume's root). SubPathExpr | |
and SubPath are mutually exclusive. | |
This field is beta in 1.15. | |
type: string | |
required: | |
- mountPath | |
- name | |
type: object | |
type: array | |
workingDir: | |
description: Container's working directory. | |
If not specified, the container | |
runtime's default will be used, | |
which might be configured in the | |
container image. Cannot be updated. | |
type: string | |
required: | |
- name | |
type: object | |
type: array | |
hostAliases: | |
description: HostAliases is an optional | |
list of hosts and IPs that will be injected | |
into the pod's hosts file if specified. | |
This is only valid for non-hostNetwork | |
pods. | |
items: | |
description: HostAlias holds the mapping | |
between IP and hostnames that will be | |
injected as an entry in the pod's hosts | |
file. | |
properties: | |
hostnames: | |
description: Hostnames for the above | |
IP address. | |
items: | |
type: string | |
type: array | |
ip: | |
description: IP address of the host | |
file entry. | |
type: string | |
type: object | |
type: array | |
hostIPC: | |
description: 'Use the host''s ipc namespace. | |
Optional: Default to false.' | |
type: boolean | |
hostNetwork: | |
description: Host networking requested for | |
this pod. Use the host's network namespace. | |
If this option is set, the ports that | |
will be used must be specified. Default | |
to false. | |
type: boolean | |
hostPID: | |
description: 'Use the host''s pid namespace. | |
Optional: Default to false.' | |
type: boolean | |
hostname: | |
description: Specifies the hostname of the | |
Pod If not specified, the pod's hostname | |
will be set to a system-defined value. | |
type: string | |
imagePullSecrets: | |
description: 'ImagePullSecrets is an optional | |
list of references to secrets in the same | |
namespace to use for pulling any of the | |
images used by this PodSpec. If specified, | |
these secrets will be passed to individual | |
puller implementations for them to use. | |
For example, in the case of docker, only | |
DockerConfig type secrets are honored. | |
More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' | |
items: | |
description: LocalObjectReference contains | |
enough information to let you locate | |
the referenced object inside the same | |
namespace. | |
properties: | |
name: | |
description: 'Name of the referent. | |
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. apiVersion, | |
kind, uid?' | |
type: string | |
type: object | |
type: array | |
initContainers: | |
description: 'List of initialization containers | |
belonging to the pod. Init containers | |
are executed in order prior to containers | |
being started. If any init container fails, | |
the pod is considered to have failed and | |
is handled according to its restartPolicy. | |
The name for an init container or normal | |
container must be unique among all containers. | |
Init containers may not have Lifecycle | |
actions, Readiness probes, Liveness probes, | |
or Startup probes. The resourceRequirements | |
of an init container are taken into account | |
during scheduling by finding the highest | |
request/limit for each resource type, | |
and then using the max of of that value | |
or the sum of the normal containers. Limits | |
are applied to init containers in a similar | |
fashion. Init containers cannot currently | |
be added or removed. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' | |
items: | |
description: A single application container | |
that you want to run within a pod. | |
properties: | |
args: | |
description: 'Arguments to the entrypoint. | |
The docker image''s CMD is used | |
if this is not provided. Variable | |
references $(VAR_NAME) are expanded | |
using the container''s environment. | |
If a variable cannot be resolved, | |
the reference in the input string | |
will be unchanged. The $(VAR_NAME) | |
syntax can be escaped with a double | |
$$, ie: $$(VAR_NAME). Escaped references | |
will never be expanded, regardless | |
of whether the variable exists or | |
not. Cannot be updated. More info: | |
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
command: | |
description: 'Entrypoint array. Not | |
executed within a shell. The docker | |
image''s ENTRYPOINT is used if this | |
is not provided. Variable references | |
$(VAR_NAME) are expanded using the | |
container''s environment. If a variable | |
cannot be resolved, the reference | |
in the input string will be unchanged. | |
The $(VAR_NAME) syntax can be escaped | |
with a double $$, ie: $$(VAR_NAME). | |
Escaped references will never be | |
expanded, regardless of whether | |
the variable exists or not. Cannot | |
be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' | |
items: | |
type: string | |
type: array | |
env: | |
description: List of environment variables | |
to set in the container. Cannot | |
be updated. | |
items: | |
description: EnvVar represents an | |
environment variable present in | |
a Container. | |
properties: | |
name: | |
description: Name of the environment | |
variable. Must be a C_IDENTIFIER. | |
type: string | |
value: | |
description: 'Variable references | |
$(VAR_NAME) are expanded using | |
the previous defined environment | |
variables in the container | |
and any service environment | |
variables. If a variable cannot | |
be resolved, the reference | |
in the input string will be | |
unchanged. The $(VAR_NAME) | |
syntax can be escaped with | |
a double $$, ie: $$(VAR_NAME). | |
Escaped references will never | |
be expanded, regardless of | |
whether the variable exists | |
or not. Defaults to "".' | |
type: string | |
valueFrom: | |
description: Source for the | |
environment variable's value. | |
Cannot be used if value is | |
not empty. | |
properties: | |
configMapKeyRef: | |
description: Selects a key | |
of a ConfigMap. | |
properties: | |
key: | |
description: The key | |
to select. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the ConfigMap | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
fieldRef: | |
description: 'Selects a | |
field of the pod: supports | |
metadata.name, metadata.namespace, | |
metadata.labels, metadata.annotations, | |
spec.nodeName, spec.serviceAccountName, | |
status.hostIP, status.podIP.' | |
properties: | |
apiVersion: | |
description: Version | |
of the schema the | |
FieldPath is written | |
in terms of, defaults | |
to "v1". | |
type: string | |
fieldPath: | |
description: Path of | |
the field to select | |
in the specified API | |
version. | |
type: string | |
required: | |
- fieldPath | |
type: object | |
resourceFieldRef: | |
description: 'Selects a | |
resource of the container: | |
only resources limits | |
and requests (limits.cpu, | |
limits.memory, limits.ephemeral-storage, | |
requests.cpu, requests.memory | |
and requests.ephemeral-storage) | |
are currently supported.' | |
properties: | |
containerName: | |
description: 'Container | |
name: required for | |
volumes, optional | |
for env vars' | |
type: string | |
divisor: | |
description: Specifies | |
the output format | |
of the exposed resources, | |
defaults to "1" | |
type: string | |
resource: | |
description: 'Required: | |
resource to select' | |
type: string | |
required: | |
- resource | |
type: object | |
secretKeyRef: | |
description: Selects a key | |
of a secret in the pod's | |
namespace | |
properties: | |
key: | |
description: The key | |
of the secret to select | |
from. Must be a valid | |
secret key. | |
type: string | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the Secret | |
or its key must be | |
defined | |
type: boolean | |
required: | |
- key | |
type: object | |
type: object | |
required: | |
- name | |
type: object | |
type: array | |
envFrom: | |
description: List of sources to populate | |
environment variables in the container. | |
The keys defined within a source | |
must be a C_IDENTIFIER. All invalid | |
keys will be reported as an event | |
when the container is starting. | |
When a key exists in multiple sources, | |
the value associated with the last | |
source will take precedence. Values | |
defined by an Env with a duplicate | |
key will take precedence. Cannot | |
be updated. | |
items: | |
description: EnvFromSource represents | |
the source of a set of ConfigMaps | |
properties: | |
configMapRef: | |
description: The ConfigMap to | |
select from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the ConfigMap must be | |
defined | |
type: boolean | |
type: object | |
prefix: | |
description: An optional identifier | |
to prepend to each key in | |
the ConfigMap. Must be a C_IDENTIFIER. | |
type: string | |
secretRef: | |
description: The Secret to select | |
from | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, kind, | |
uid?' | |
type: string | |
optional: | |
description: Specify whether | |
the Secret must be defined | |
type: boolean | |
type: object | |
type: object | |
type: array | |
image: | |
description: 'Docker image name. More | |
info: https://kubernetes.io/docs/concepts/containers/images | |
This field is optional to allow | |
higher level config management to | |
default or override container images | |
in workload controllers like Deployments | |
and StatefulSets.' | |
type: string | |
imagePullPolicy: | |
description: 'Image pull policy. One | |
of Always, Never, IfNotPresent. | |
Defaults to Always if :latest tag | |
is specified, or IfNotPresent otherwise. | |
Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' | |
type: string | |
lifecycle: | |
description: Actions that the management | |
system should take in response to | |
container lifecycle events. Cannot | |
be updated. | |
properties: | |
postStart: | |
description: 'PostStart is called | |
immediately after a container | |
is created. If the handler fails, | |
the container is terminated | |
and restarted according to its | |
restart policy. Other management | |
of the container blocks until | |
the hook completes. More info: | |
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
preStop: | |
description: 'PreStop is called | |
immediately before a container | |
is terminated due to an API | |
request or management event | |
such as liveness/startup probe | |
failure, preemption, resource | |
contention, etc. The handler | |
is not called if the container | |
crashes or exits. The reason | |
for termination is passed to | |
the handler. The Pod''s termination | |
grace period countdown begins | |
before the PreStop hooked is | |
executed. Regardless of the | |
outcome of the handler, the | |
container will eventually terminate | |
within the Pod''s termination | |
grace period. Other management | |
of the container blocks until | |
the hook completes or until | |
the termination grace period | |
is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' | |
properties: | |
exec: | |
description: One and only | |
one of the following should | |
be specified. Exec specifies | |
the action to take. | |
properties: | |
command: | |
description: Command is | |
the command line to | |
execute inside the container, | |
the working directory | |
for the command is | |
root ('/') in the container's | |
filesystem. The command | |
is simply exec'd, it | |
is not run inside a | |
shell, so traditional | |
shell instructions ('|', | |
etc) won't work. To | |
use a shell, you need | |
to explicitly call out | |
to that shell. Exit | |
status of 0 is treated | |
as live/healthy and | |
non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name | |
to connect to, defaults | |
to the pod IP. You probably | |
want to set "Host" in | |
httpHeaders instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. | |
HTTP allows repeated | |
headers. | |
items: | |
description: HTTPHeader | |
describes a custom | |
header to be used | |
in HTTP probes | |
properties: | |
name: | |
description: The | |
header field name | |
type: string | |
value: | |
description: The | |
header field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access | |
on the container. Number | |
must be in the range | |
1 to 65535. Name must | |
be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to | |
use for connecting to | |
the host. Defaults to | |
HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP | |
port. TCP hooks not yet | |
supported TODO: implement | |
a realistic TCP lifecycle | |
hook' | |
properties: | |
host: | |
description: 'Optional: | |
Host name to connect | |
to, defaults to the | |
pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or | |
name of the port to | |
access on the container. | |
Number must be in the | |
range 1 to 65535. Name | |
must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
type: object | |
type: object | |
livenessProbe: | |
description: 'Periodic probe of container | |
liveness. Container will be restarted | |
if the probe fails. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
name: | |
description: Name of the container | |
specified as a DNS_LABEL. Each container | |
in a pod must have a unique name | |
(DNS_LABEL). Cannot be updated. | |
type: string | |
ports: | |
description: List of ports to expose | |
from the container. Exposing a port | |
here gives the system additional | |
information about the network connections | |
a container uses, but is primarily | |
informational. Not specifying a | |
port here DOES NOT prevent that | |
port from being exposed. Any port | |
which is listening on the default | |
"0.0.0.0" address inside a container | |
will be accessible from the network. | |
Cannot be updated. | |
items: | |
description: ContainerPort represents | |
a network port in a single container. | |
properties: | |
containerPort: | |
description: Number of port | |
to expose on the pod's IP | |
address. This must be a valid | |
port number, 0 < x < 65536. | |
format: int32 | |
type: integer | |
hostIP: | |
description: What host IP to | |
bind the external port to. | |
type: string | |
hostPort: | |
description: Number of port | |
to expose on the host. If | |
specified, this must be a | |
valid port number, 0 < x < | |
65536. If HostNetwork is specified, | |
this must match ContainerPort. | |
Most containers do not need | |
this. | |
format: int32 | |
type: integer | |
name: | |
description: If specified, this | |
must be an IANA_SVC_NAME and | |
unique within the pod. Each | |
named port in a pod must have | |
a unique name. Name for the | |
port that can be referred | |
to by services. | |
type: string | |
protocol: | |
description: Protocol for port. | |
Must be UDP, TCP, or SCTP. | |
Defaults to "TCP". | |
type: string | |
required: | |
- containerPort | |
type: object | |
type: array | |
readinessProbe: | |
description: 'Periodic probe of container | |
service readiness. Container will | |
be removed from service endpoints | |
if the probe fails. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
resources: | |
description: 'Compute Resources required | |
by this container. Cannot be updated. | |
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
properties: | |
limits: | |
additionalProperties: | |
type: string | |
description: 'Limits describes | |
the maximum amount of compute | |
resources allowed. More info: | |
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
requests: | |
additionalProperties: | |
type: string | |
description: 'Requests describes | |
the minimum amount of compute | |
resources required. If Requests | |
is omitted for a container, | |
it defaults to Limits if that | |
is explicitly specified, otherwise | |
to an implementation-defined | |
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' | |
type: object | |
type: object | |
securityContext: | |
description: 'Security options the | |
pod should run with. More info: | |
https://kubernetes.io/docs/concepts/policy/security-context/ | |
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' | |
properties: | |
allowPrivilegeEscalation: | |
description: 'AllowPrivilegeEscalation | |
controls whether a process can | |
gain more privileges than its | |
parent process. This bool directly | |
controls if the no_new_privs | |
flag will be set on the container | |
process. AllowPrivilegeEscalation | |
is true always when the container | |
is: 1) run as Privileged 2) | |
has CAP_SYS_ADMIN' | |
type: boolean | |
capabilities: | |
description: The capabilities | |
to add/drop when running containers. | |
Defaults to the default set | |
of capabilities granted by the | |
container runtime. | |
properties: | |
add: | |
description: Added capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
drop: | |
description: Removed capabilities | |
items: | |
description: Capability | |
represent POSIX capabilities | |
type | |
type: string | |
type: array | |
type: object | |
privileged: | |
description: Run container in | |
privileged mode. Processes in | |
privileged containers are essentially | |
equivalent to root on the host. | |
Defaults to false. | |
type: boolean | |
procMount: | |
description: procMount denotes | |
the type of proc mount to use | |
for the containers. The default | |
is DefaultProcMount which uses | |
the container runtime defaults | |
for readonly paths and masked | |
paths. This requires the ProcMountType | |
feature flag to be enabled. | |
type: string | |
readOnlyRootFilesystem: | |
description: Whether this container | |
has a read-only root filesystem. | |
Default is false. | |
type: boolean | |
runAsGroup: | |
description: The GID to run the | |
entrypoint of the container | |
process. Uses runtime default | |
if unset. May also be set in | |
PodSecurityContext. If set | |
in both SecurityContext and | |
PodSecurityContext, the value | |
specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
runAsNonRoot: | |
description: Indicates that the | |
container must run as a non-root | |
user. If true, the Kubelet will | |
validate the image at runtime | |
to ensure that it does not run | |
as UID 0 (root) and fail to | |
start the container if it does. | |
If unset or false, no such validation | |
will be performed. May also | |
be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
type: boolean | |
runAsUser: | |
description: The UID to run the | |
entrypoint of the container | |
process. Defaults to user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
format: int64 | |
type: integer | |
seLinuxOptions: | |
description: The SELinux context | |
to be applied to the container. | |
If unspecified, the container | |
runtime will allocate a random | |
SELinux context for each container. May | |
also be set in PodSecurityContext. If | |
set in both SecurityContext | |
and PodSecurityContext, the | |
value specified in SecurityContext | |
takes precedence. | |
properties: | |
level: | |
description: Level is SELinux | |
level label that applies | |
to the container. | |
type: string | |
role: | |
description: Role is a SELinux | |
role label that applies | |
to the container. | |
type: string | |
type: | |
description: Type is a SELinux | |
type label that applies | |
to the container. | |
type: string | |
user: | |
description: User is a SELinux | |
user label that applies | |
to the container. | |
type: string | |
type: object | |
windowsOptions: | |
description: The Windows specific | |
settings applied to all containers. | |
If unspecified, the options | |
from the PodSecurityContext | |
will be used. If set in both | |
SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. | |
properties: | |
gmsaCredentialSpec: | |
description: GMSACredentialSpec | |
is where the GMSA admission | |
webhook (https://github.com/kubernetes-sigs/windows-gmsa) | |
inlines the contents of | |
the GMSA credential spec | |
named by the GMSACredentialSpecName | |
field. This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
gmsaCredentialSpecName: | |
description: GMSACredentialSpecName | |
is the name of the GMSA | |
credential spec to use. | |
This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA | |
feature flag. | |
type: string | |
runAsUserName: | |
description: The UserName | |
in Windows to run the entrypoint | |
of the container process. | |
Defaults to the user specified | |
in image metadata if unspecified. | |
May also be set in PodSecurityContext. | |
If set in both SecurityContext | |
and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. This field | |
is alpha-level and it is | |
only honored by servers | |
that enable the WindowsRunAsUserName | |
feature flag. | |
type: string | |
type: object | |
type: object | |
startupProbe: | |
description: 'StartupProbe indicates | |
that the Pod has successfully initialized. | |
If specified, no other probes are | |
executed until this completes successfully. | |
If this probe fails, the Pod will | |
be restarted, just as if the livenessProbe | |
failed. This can be used to provide | |
different probe parameters at the | |
beginning of a Pod''s lifecycle, | |
when it might take a long time to | |
load data or warm a cache, than | |
during steady-state operation. This | |
cannot be updated. This is an alpha | |
feature enabled by the StartupProbe | |
feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
properties: | |
exec: | |
description: One and only one | |
of the following should be specified. | |
Exec specifies the action to | |
take. | |
properties: | |
command: | |
description: Command is the | |
command line to execute | |
inside the container, the | |
working directory for the | |
command is root ('/') in | |
the container's filesystem. | |
The command is simply exec'd, | |
it is not run inside a shell, | |
so traditional shell instructions | |
('|', etc) won't work. To | |
use a shell, you need to | |
explicitly call out to that | |
shell. Exit status of 0 | |
is treated as live/healthy | |
and non-zero is unhealthy. | |
items: | |
type: string | |
type: array | |
type: object | |
failureThreshold: | |
description: Minimum consecutive | |
failures for the probe to be | |
considered failed after having | |
succeeded. Defaults to 3. Minimum | |
value is 1. | |
format: int32 | |
type: integer | |
httpGet: | |
description: HTTPGet specifies | |
the http request to perform. | |
properties: | |
host: | |
description: Host name to | |
connect to, defaults to | |
the pod IP. You probably | |
want to set "Host" in httpHeaders | |
instead. | |
type: string | |
httpHeaders: | |
description: Custom headers | |
to set in the request. HTTP | |
allows repeated headers. | |
items: | |
description: HTTPHeader | |
describes a custom header | |
to be used in HTTP probes | |
properties: | |
name: | |
description: The header | |
field name | |
type: string | |
value: | |
description: The header | |
field value | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
path: | |
description: Path to access | |
on the HTTP server. | |
type: string | |
port: | |
type: string | |
description: Name or number | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
scheme: | |
description: Scheme to use | |
for connecting to the host. | |
Defaults to HTTP. | |
type: string | |
required: | |
- port | |
type: object | |
initialDelaySeconds: | |
description: 'Number of seconds | |
after the container has started | |
before liveness probes are initiated. | |
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
periodSeconds: | |
description: How often (in seconds) | |
to perform the probe. Default | |
to 10 seconds. Minimum value | |
is 1. | |
format: int32 | |
type: integer | |
successThreshold: | |
description: Minimum consecutive | |
successes for the probe to be | |
considered successful after | |
having failed. Defaults to 1. | |
Must be 1 for liveness and startup. | |
Minimum value is 1. | |
format: int32 | |
type: integer | |
tcpSocket: | |
description: 'TCPSocket specifies | |
an action involving a TCP port. | |
TCP hooks not yet supported | |
TODO: implement a realistic | |
TCP lifecycle hook' | |
properties: | |
host: | |
description: 'Optional: Host | |
name to connect to, defaults | |
to the pod IP.' | |
type: string | |
port: | |
type: string | |
description: Number or name | |
of the port to access on | |
the container. Number must | |
be in the range 1 to 65535. | |
Name must be an IANA_SVC_NAME. | |
required: | |
- port | |
type: object | |
timeoutSeconds: | |
description: 'Number of seconds | |
after which the probe times | |
out. Defaults to 1 second. Minimum | |
value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' | |
format: int32 | |
type: integer | |
type: object | |
stdin: | |
description: Whether this container | |
should allocate a buffer for stdin | |
in the container runtime. If this | |
is not set, reads from stdin in | |
the container will always result | |
in EOF. Default is false. | |
type: boolean | |
stdinOnce: | |
description: Whether the container | |
runtime should close the stdin channel | |
after it has been opened by a single | |
attach. When stdin is true the stdin | |
stream will remain open across multiple | |
attach sessions. If stdinOnce is | |
set to true, stdin is opened on | |
container start, is empty until | |
the first client attaches to stdin, | |
and then remains open and accepts | |
data until the client disconnects, | |
at which time stdin is closed and | |
remains closed until the container | |
is restarted. If this flag is false, | |
a container processes that reads | |
from stdin will never receive an | |
EOF. Default is false | |
type: boolean | |
terminationMessagePath: | |
description: 'Optional: Path at which | |
the file to which the container''s | |
termination message will be written | |
is mounted into the container''s | |
filesystem. Message written is intended | |
to be brief final status, such as | |
an assertion failure message. Will | |
be truncated by the node if greater | |
than 4096 bytes. The total message | |
length across all containers will | |
be limited to 12kb. Defaults to | |
/dev/termination-log. Cannot be | |
updated.' | |
type: string | |
terminationMessagePolicy: | |
description: Indicate how the termination | |
message should be populated. File | |
will use the contents of terminationMessagePath | |
to populate the container status | |
message on both success and failure. | |
FallbackToLogsOnError will use the | |
last chunk of container log output | |
if the termination message file | |
is empty and the container exited | |
with an error. The log output is | |
limited to 2048 bytes or 80 lines, | |
whichever is smaller. Defaults to | |
File. Cannot be updated. | |
type: string | |
tty: | |
description: Whether this container | |
should allocate a TTY for itself, | |
also requires 'stdin' to be true. | |
Default is false. | |
type: boolean | |
volumeDevices: | |
description: volumeDevices is the | |
list of block devices to be used | |
by the container. This is a beta | |
feature. | |
items: | |
description: volumeDevice describes | |
a mapping of a raw block device | |
within a container. | |
properties: | |
devicePath: | |
description: devicePath is the | |
path inside of the container | |
that the device will be mapped | |
to. | |
type: string | |
name: | |
description: name must match | |
the name of a persistentVolumeClaim | |
in the pod | |
type: string | |
required: | |
- devicePath | |
- name | |
type: object | |
type: array | |
volumeMounts: | |
description: Pod volumes to mount | |
into the container's filesystem. | |
Cannot be updated. | |
items: | |
description: VolumeMount describes | |
a mounting of a Volume within | |
a container. | |
properties: | |
mountPath: | |
description: Path within the | |
container at which the volume | |
should be mounted. Must not | |
contain ':'. | |
type: string | |
mountPropagation: | |
description: mountPropagation | |
determines how mounts are | |
propagated from the host to | |
container and the other way | |
around. When not set, MountPropagationNone | |
is used. This field is beta | |
in 1.10. | |
type: string | |
name: | |
description: This must match | |
the Name of a Volume. | |
type: string | |
readOnly: | |
description: Mounted read-only | |
if true, read-write otherwise | |
(false or unspecified). Defaults | |
to false. | |
type: boolean | |
subPath: | |
description: Path within the | |
volume from which the container's | |
volume should be mounted. | |
Defaults to "" (volume's root). | |
type: string | |
subPathExpr: | |
description: Expanded path within | |
the volume from which the | |
container's volume should | |
be mounted. Behaves similarly | |
to SubPath but environment | |
variable references $(VAR_NAME) | |
are expanded using the container's | |
environment. Defaults to "" | |
(volume's root). SubPathExpr | |
and SubPath are mutually exclusive. | |
This field is beta in 1.15. | |
type: string | |
required: | |
- mountPath | |
- name | |
type: object | |
type: array | |
workingDir: | |
description: Container's working directory. | |
If not specified, the container | |
runtime's default will be used, | |
which might be configured in the | |
container image. Cannot be updated. | |
type: string | |
required: | |
- name | |
type: object | |
type: array | |
nodeName: | |
description: NodeName is a request to schedule | |
this pod onto a specific node. If it is | |
non-empty, the scheduler simply schedules | |
this pod onto that node, assuming that | |
it fits resource requirements. | |
type: string | |
nodeSelector: | |
additionalProperties: | |
type: string | |
description: 'NodeSelector is a selector | |
which must be true for the pod to fit | |
on a node. Selector which must match a | |
node''s labels for the pod to be scheduled | |
on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' | |
type: object | |
overhead: | |
additionalProperties: | |
type: string | |
description: 'Overhead represents the resource | |
overhead associated with running a pod | |
for a given RuntimeClass. This field will | |
be autopopulated at admission time by | |
the RuntimeClass admission controller. | |
If the RuntimeClass admission controller | |
is enabled, overhead must not be set in | |
Pod create requests. The RuntimeClass | |
admission controller will reject Pod create | |
requests which have the overhead already | |
set. If RuntimeClass is configured and | |
selected in the PodSpec, Overhead will | |
be set to the value defined in the corresponding | |
RuntimeClass, otherwise it will remain | |
unset and treated as zero. More info: | |
https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md | |
This field is alpha-level as of Kubernetes | |
v1.16, and is only honored by servers | |
that enable the PodOverhead feature.' | |
type: object | |
preemptionPolicy: | |
description: PreemptionPolicy is the Policy | |
for preempting pods with lower priority. | |
One of Never, PreemptLowerPriority. Defaults | |
to PreemptLowerPriority if unset. This | |
field is alpha-level and is only honored | |
by servers that enable the NonPreemptingPriority | |
feature. | |
type: string | |
priority: | |
description: The priority value. Various | |
system components use this field to find | |
the priority of the pod. When Priority | |
Admission Controller is enabled, it prevents | |
users from setting this field. The admission | |
controller populates this field from PriorityClassName. | |
The higher the value, the higher the priority. | |
format: int32 | |
type: integer | |
priorityClassName: | |
description: If specified, indicates the | |
pod's priority. "system-node-critical" | |
and "system-cluster-critical" are two | |
special keywords which indicate the highest | |
priorities with the former being the highest | |
priority. Any other name must be defined | |
by creating a PriorityClass object with | |
that name. If not specified, the pod priority | |
will be default or zero if there is no | |
default. | |
type: string | |
readinessGates: | |
description: 'If specified, all readiness | |
gates will be evaluated for pod readiness. | |
A pod is ready when all its containers | |
are ready AND all conditions specified | |
in the readiness gates have status equal | |
to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' | |
items: | |
description: PodReadinessGate contains | |
the reference to a pod condition | |
properties: | |
conditionType: | |
description: ConditionType refers | |
to a condition in the pod's condition | |
list with matching type. | |
type: string | |
required: | |
- conditionType | |
type: object | |
type: array | |
restartPolicy: | |
description: 'Restart policy for all containers | |
within the pod. One of Always, OnFailure, | |
Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' | |
type: string | |
runtimeClassName: | |
description: 'RuntimeClassName refers to | |
a RuntimeClass object in the node.k8s.io | |
group, which should be used to run this | |
pod. If no RuntimeClass resource matches | |
the named class, the pod will not be run. | |
If unset or empty, the "legacy" RuntimeClass | |
will be used, which is an implicit class | |
with an empty definition that uses the | |
default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md | |
This is a beta feature as of Kubernetes | |
v1.14.' | |
type: string | |
schedulerName: | |
description: If specified, the pod will | |
be dispatched by specified scheduler. | |
If not specified, the pod will be dispatched | |
by default scheduler. | |
type: string | |
securityContext: | |
description: 'SecurityContext holds pod-level | |
security attributes and common container | |
settings. Optional: Defaults to empty. See | |
type description for default values of | |
each field.' | |
properties: | |
fsGroup: | |
description: "A special supplemental | |
group that applies to all containers | |
in a pod. Some volume types allow | |
the Kubelet to change the ownership | |
of that volume to be owned by the | |
pod: \n 1. The owning GID will be | |
the FSGroup 2. The setgid bit is set | |
(new files created in the volume will | |
be owned by FSGroup) 3. The permission | |
bits are OR'd with rw-rw---- \n If | |
unset, the Kubelet will not modify | |
the ownership and permissions of any | |
volume." | |
format: int64 | |
type: integer | |
runAsGroup: | |
description: The GID to run the entrypoint | |
of the container process. Uses runtime | |
default if unset. May also be set | |
in SecurityContext. If set in both | |
SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence for that container. | |
format: int64 | |
type: integer | |
runAsNonRoot: | |
description: Indicates that the container | |
must run as a non-root user. If true, | |
the Kubelet will validate the image | |
at runtime to ensure that it does | |
not run as UID 0 (root) and fail to | |
start the container if it does. If | |
unset or false, no such validation | |
will be performed. May also be set | |
in SecurityContext. If set in both | |
SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. | |
type: boolean | |
runAsUser: | |
description: The UID to run the entrypoint | |
of the container process. Defaults | |
to user specified in image metadata | |
if unspecified. May also be set in | |
SecurityContext. If set in both SecurityContext | |
and PodSecurityContext, the value | |
specified in SecurityContext takes | |
precedence for that container. | |
format: int64 | |
type: integer | |
seLinuxOptions: | |
description: The SELinux context to | |
be applied to all containers. If unspecified, | |
the container runtime will allocate | |
a random SELinux context for each | |
container. May also be set in SecurityContext. If | |
set in both SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence for that container. | |
properties: | |
level: | |
description: Level is SELinux level | |
label that applies to the container. | |
type: string | |
role: | |
description: Role is a SELinux role | |
label that applies to the container. | |
type: string | |
type: | |
description: Type is a SELinux type | |
label that applies to the container. | |
type: string | |
user: | |
description: User is a SELinux user | |
label that applies to the container. | |
type: string | |
type: object | |
supplementalGroups: | |
description: A list of groups applied | |
to the first process run in each container, | |
in addition to the container's primary | |
GID. If unspecified, no groups will | |
be added to any container. | |
items: | |
format: int64 | |
type: integer | |
type: array | |
sysctls: | |
description: Sysctls hold a list of | |
namespaced sysctls used for the pod. | |
Pods with unsupported sysctls (by | |
the container runtime) might fail | |
to launch. | |
items: | |
description: Sysctl defines a kernel | |
parameter to be set | |
properties: | |
name: | |
description: Name of a property | |
to set | |
type: string | |
value: | |
description: Value of a property | |
to set | |
type: string | |
required: | |
- name | |
- value | |
type: object | |
type: array | |
windowsOptions: | |
description: The Windows specific settings | |
applied to all containers. If unspecified, | |
the options within a container's SecurityContext | |
will be used. If set in both SecurityContext | |
and PodSecurityContext, the value | |
specified in SecurityContext takes | |
precedence. | |
properties: | |
gmsaCredentialSpec: | |
description: GMSACredentialSpec | |
is where the GMSA admission webhook | |
(https://github.com/kubernetes-sigs/windows-gmsa) | |
inlines the contents of the GMSA | |
credential spec named by the GMSACredentialSpecName | |
field. This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA feature | |
flag. | |
type: string | |
gmsaCredentialSpecName: | |
description: GMSACredentialSpecName | |
is the name of the GMSA credential | |
spec to use. This field is alpha-level | |
and is only honored by servers | |
that enable the WindowsGMSA feature | |
flag. | |
type: string | |
runAsUserName: | |
description: The UserName in Windows | |
to run the entrypoint of the container | |
process. Defaults to the user | |
specified in image metadata if | |
unspecified. May also be set in | |
PodSecurityContext. If set in | |
both SecurityContext and PodSecurityContext, | |
the value specified in SecurityContext | |
takes precedence. This field is | |
alpha-level and it is only honored | |
by servers that enable the WindowsRunAsUserName | |
feature flag. | |
type: string | |
type: object | |
type: object | |
serviceAccount: | |
description: 'DeprecatedServiceAccount is | |
a depreciated alias for ServiceAccountName. | |
Deprecated: Use serviceAccountName instead.' | |
type: string | |
serviceAccountName: | |
description: 'ServiceAccountName is the | |
name of the ServiceAccount to use to run | |
this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' | |
type: string | |
shareProcessNamespace: | |
description: 'Share a single process namespace | |
between all of the containers in a pod. | |
When this is set containers will be able | |
to view and signal processes from other | |
containers in the same pod, and the first | |
process in each container will not be | |
assigned PID 1. HostPID and ShareProcessNamespace | |
cannot both be set. Optional: Default | |
to false. This field is beta-level and | |
may be disabled with the PodShareProcessNamespace | |
feature.' | |
type: boolean | |
subdomain: | |
description: If specified, the fully qualified | |
Pod hostname will be "<hostname>.<subdomain>.<pod | |
namespace>.svc.<cluster domain>". If not | |
specified, the pod will not have a domainname | |
at all. | |
type: string | |
terminationGracePeriodSeconds: | |
description: Optional duration in seconds | |
the pod needs to terminate gracefully. | |
May be decreased in delete request. Value | |
must be non-negative integer. The value | |
zero indicates delete immediately. If | |
this value is nil, the default grace period | |
will be used instead. The grace period | |
is the duration in seconds after the processes | |
running in the pod are sent a termination | |
signal and the time when the processes | |
are forcibly halted with a kill signal. | |
Set this value longer than the expected | |
cleanup time for your process. Defaults | |
to 30 seconds. | |
format: int64 | |
type: integer | |
tolerations: | |
description: If specified, the pod's tolerations. | |
items: | |
description: The pod this Toleration is | |
attached to tolerates any taint that | |
matches the triple <key,value,effect> | |
using the matching operator <operator>. | |
properties: | |
effect: | |
description: Effect indicates the | |
taint effect to match. Empty means | |
match all taint effects. When specified, | |
allowed values are NoSchedule, PreferNoSchedule | |
and NoExecute. | |
type: string | |
key: | |
description: Key is the taint key | |
that the toleration applies to. | |
Empty means match all taint keys. | |
If the key is empty, operator must | |
be Exists; this combination means | |
to match all values and all keys. | |
type: string | |
operator: | |
description: Operator represents a | |
key's relationship to the value. | |
Valid operators are Exists and Equal. | |
Defaults to Equal. Exists is equivalent | |
to wildcard for value, so that a | |
pod can tolerate all taints of a | |
particular category. | |
type: string | |
tolerationSeconds: | |
description: TolerationSeconds represents | |
the period of time the toleration | |
(which must be of effect NoExecute, | |
otherwise this field is ignored) | |
tolerates the taint. By default, | |
it is not set, which means tolerate | |
the taint forever (do not evict). | |
Zero and negative values will be | |
treated as 0 (evict immediately) | |
by the system. | |
format: int64 | |
type: integer | |
value: | |
description: Value is the taint value | |
the toleration matches to. If the | |
operator is Exists, the value should | |
be empty, otherwise just a regular | |
string. | |
type: string | |
type: object | |
type: array | |
topologySpreadConstraints: | |
description: TopologySpreadConstraints describes | |
how a group of pods ought to spread across | |
topology domains. Scheduler will schedule | |
pods in a way which abides by the constraints. | |
This field is alpha-level and is only | |
honored by clusters that enables the EvenPodsSpread | |
feature. All topologySpreadConstraints | |
are ANDed. | |
items: | |
description: TopologySpreadConstraint | |
specifies how to spread matching pods | |
among the given topology. | |
properties: | |
labelSelector: | |
description: LabelSelector is used | |
to find matching pods. Pods that | |
match this label selector are counted | |
to determine the number of pods | |
in their corresponding topology | |
domain. | |
properties: | |
matchExpressions: | |
description: matchExpressions | |
is a list of label selector | |
requirements. The requirements | |
are ANDed. | |
items: | |
description: A label selector | |
requirement is a selector | |
that contains values, a key, | |
and an operator that relates | |
the key and values. | |
properties: | |
key: | |
description: key is the | |
label key that the selector | |
applies to. | |
type: string | |
operator: | |
description: operator represents | |
a key's relationship to | |
a set of values. Valid | |
operators are In, NotIn, | |
Exists and DoesNotExist. | |
type: string | |
values: | |
description: values is an | |
array of string values. | |
If the operator is In | |
or NotIn, the values array | |
must be non-empty. If | |
the operator is Exists | |
or DoesNotExist, the values | |
array must be empty. This | |
array is replaced during | |
a strategic merge patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels is a | |
map of {key,value} pairs. A | |
single {key,value} in the matchLabels | |
map is equivalent to an element | |
of matchExpressions, whose key | |
field is "key", the operator | |
is "In", and the values array | |
contains only "value". The requirements | |
are ANDed. | |
type: object | |
type: object | |
maxSkew: | |
description: 'MaxSkew describes the | |
degree to which pods may be unevenly | |
distributed. It''s the maximum permitted | |
difference between the number of | |
matching pods in any two topology | |
domains of a given topology type. | |
For example, in a 3-zone cluster, | |
MaxSkew is set to 1, and pods with | |
the same labelSelector spread as | |
1/1/0: | zone1 | zone2 | zone3 | | |
| P | P | | - if MaxSkew | |
is 1, incoming pod can only be scheduled | |
to zone3 to become 1/1/1; scheduling | |
it onto zone1(zone2) would make | |
the ActualSkew(2-0) on zone1(zone2) | |
violate MaxSkew(1). - if MaxSkew | |
is 2, incoming pod can be scheduled | |
onto any zone. It''s a required | |
field. Default value is 1 and 0 | |
is not allowed.' | |
format: int32 | |
type: integer | |
topologyKey: | |
description: TopologyKey is the key | |
of node labels. Nodes that have | |
a label with this key and identical | |
values are considered to be in the | |
same topology. We consider each | |
<key, value> as a "bucket", and | |
try to put balanced number of pods | |
into each bucket. It's a required | |
field. | |
type: string | |
whenUnsatisfiable: | |
description: 'WhenUnsatisfiable indicates | |
how to deal with a pod if it doesn''t | |
satisfy the spread constraint. - | |
DoNotSchedule (default) tells the | |
scheduler not to schedule it - ScheduleAnyway | |
tells the scheduler to still schedule | |
it It''s considered as "Unsatisfiable" | |
if and only if placing incoming | |
pod on any topology violates "MaxSkew". | |
For example, in a 3-zone cluster, | |
MaxSkew is set to 1, and pods with | |
the same labelSelector spread as | |
3/1/1: | zone1 | zone2 | zone3 | | |
| P P P | P | P | If WhenUnsatisfiable | |
is set to DoNotSchedule, incoming | |
pod can only be scheduled to zone2(zone3) | |
to become 3/2/1(3/1/2) as ActualSkew(2-1) | |
on zone2(zone3) satisfies MaxSkew(1). | |
In other words, the cluster can | |
still be imbalanced, but scheduler | |
won''t make it *more* imbalanced. | |
It''s a required field.' | |
type: string | |
required: | |
- maxSkew | |
- topologyKey | |
- whenUnsatisfiable | |
type: object | |
type: array | |
volumes: | |
description: 'List of volumes that can be | |
mounted by containers belonging to the | |
pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' | |
items: | |
description: Volume represents a named | |
volume in a pod that may be accessed | |
by any container in the pod. | |
properties: | |
awsElasticBlockStore: | |
description: 'AWSElasticBlockStore | |
represents an AWS Disk resource | |
that is attached to a kubelet''s | |
host machine and then exposed to | |
the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
properties: | |
fsType: | |
description: 'Filesystem type | |
of the volume that you want | |
to mount. Tip: Ensure that the | |
filesystem type is supported | |
by the host operating system. | |
Examples: "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore | |
TODO: how do we prevent errors | |
in the filesystem from compromising | |
the machine' | |
type: string | |
partition: | |
description: 'The partition in | |
the volume that you want to | |
mount. If omitted, the default | |
is to mount by volume name. | |
Examples: For volume /dev/sda1, | |
you specify the partition as | |
"1". Similarly, the volume partition | |
for /dev/sda is "0" (or you | |
can leave the property empty).' | |
format: int32 | |
type: integer | |
readOnly: | |
description: 'Specify "true" to | |
force and set the ReadOnly property | |
in VolumeMounts to "true". If | |
omitted, the default is "false". | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
type: boolean | |
volumeID: | |
description: 'Unique ID of the | |
persistent disk resource in | |
AWS (Amazon EBS volume). More | |
info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' | |
type: string | |
required: | |
- volumeID | |
type: object | |
azureDisk: | |
description: AzureDisk represents | |
an Azure Data Disk mount on the | |
host and bind mount to the pod. | |
properties: | |
cachingMode: | |
description: 'Host Caching mode: | |
None, Read Only, Read Write.' | |
type: string | |
diskName: | |
description: The Name of the data | |
disk in the blob storage | |
type: string | |
diskURI: | |
description: The URI the data | |
disk in the blob storage | |
type: string | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. | |
type: string | |
kind: | |
description: 'Expected values | |
Shared: multiple blob disks | |
per storage account Dedicated: | |
single blob disk per storage | |
account Managed: azure managed | |
data disk (only in managed availability | |
set). defaults to shared' | |
type: string | |
readOnly: | |
description: Defaults to false | |
(read/write). ReadOnly here | |
will force the ReadOnly setting | |
in VolumeMounts. | |
type: boolean | |
required: | |
- diskName | |
- diskURI | |
type: object | |
azureFile: | |
description: AzureFile represents | |
an Azure File Service mount on the | |
host and bind mount to the pod. | |
properties: | |
readOnly: | |
description: Defaults to false | |
(read/write). ReadOnly here | |
will force the ReadOnly setting | |
in VolumeMounts. | |
type: boolean | |
secretName: | |
description: the name of secret | |
that contains Azure Storage | |
Account Name and Key | |
type: string | |
shareName: | |
description: Share Name | |
type: string | |
required: | |
- secretName | |
- shareName | |
type: object | |
cephfs: | |
description: CephFS represents a Ceph | |
FS mount on the host that shares | |
a pod's lifetime | |
properties: | |
monitors: | |
description: 'Required: Monitors | |
is a collection of Ceph monitors | |
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' | |
items: | |
type: string | |
type: array | |
path: | |
description: 'Optional: Used as | |
the mounted root, rather than | |
the full Ceph tree, default | |
is /' | |
type: string | |
readOnly: | |
description: 'Optional: Defaults | |
to false (read/write). ReadOnly | |
here will force the ReadOnly | |
setting in VolumeMounts. More | |
info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' | |
type: boolean | |
secretFile: | |
description: 'Optional: SecretFile | |
is the path to key ring for | |
User, default is /etc/ceph/user.secret | |
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' | |
type: string | |
secretRef: | |
description: 'Optional: SecretRef | |
is reference to the authentication | |
secret for User, default is | |
empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
user: | |
description: 'Optional: User is | |
the rados user name, default | |
is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' | |
type: string | |
required: | |
- monitors | |
type: object | |
cinder: | |
description: 'Cinder represents a | |
cinder volume attached and mounted | |
on kubelets host machine. More info: | |
https://examples.k8s.io/mysql-cinder-pd/README.md' | |
properties: | |
fsType: | |
description: 'Filesystem type | |
to mount. Must be a filesystem | |
type supported by the host operating | |
system. Examples: "ext4", "xfs", | |
"ntfs". Implicitly inferred | |
to be "ext4" if unspecified. | |
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' | |
type: string | |
readOnly: | |
description: 'Optional: Defaults | |
to false (read/write). ReadOnly | |
here will force the ReadOnly | |
setting in VolumeMounts. More | |
info: https://examples.k8s.io/mysql-cinder-pd/README.md' | |
type: boolean | |
secretRef: | |
description: 'Optional: points | |
to a secret object containing | |
parameters used to connect to | |
OpenStack.' | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
volumeID: | |
description: 'volume id used to | |
identify the volume in cinder. | |
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' | |
type: string | |
required: | |
- volumeID | |
type: object | |
configMap: | |
description: ConfigMap represents | |
a configMap that should populate | |
this volume | |
properties: | |
defaultMode: | |
description: 'Optional: mode bits | |
to use on created files by default. | |
Must be a value between 0 and | |
0777. Defaults to 0644. Directories | |
within the path are not affected | |
by this setting. This might | |
be in conflict with other options | |
that affect the file mode, like | |
fsGroup, and the result can | |
be other mode bits set.' | |
format: int32 | |
type: integer | |
items: | |
description: If unspecified, each | |
key-value pair in the Data field | |
of the referenced ConfigMap | |
will be projected into the volume | |
as a file whose name is the | |
key and content is the value. | |
If specified, the listed keys | |
will be projected into the specified | |
paths, and unlisted keys will | |
not be present. If a key is | |
specified which is not present | |
in the ConfigMap, the volume | |
setup will error unless it is | |
marked optional. Paths must | |
be relative and may not contain | |
the '..' path or start with | |
'..'. | |
items: | |
description: Maps a string key | |
to a path within a volume. | |
properties: | |
key: | |
description: The key to | |
project. | |
type: string | |
mode: | |
description: 'Optional: | |
mode bits to use on this | |
file, must be a value | |
between 0 and 0777. If | |
not specified, the volume | |
defaultMode will be used. | |
This might be in conflict | |
with other options that | |
affect the file mode, | |
like fsGroup, and the | |
result can be other mode | |
bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: The relative | |
path of the file to map | |
the key to. May not be | |
an absolute path. May | |
not contain the path element | |
'..'. May not start with | |
the string '..'. | |
type: string | |
required: | |
- key | |
- path | |
type: object | |
type: array | |
name: | |
description: 'Name of the referent. | |
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
optional: | |
description: Specify whether the | |
ConfigMap or its keys must be | |
defined | |
type: boolean | |
type: object | |
csi: | |
description: CSI (Container Storage | |
Interface) represents storage that | |
is handled by an external CSI driver | |
(Alpha feature). | |
properties: | |
driver: | |
description: Driver is the name | |
of the CSI driver that handles | |
this volume. Consult with your | |
admin for the correct name as | |
registered in the cluster. | |
type: string | |
fsType: | |
description: Filesystem type to | |
mount. Ex. "ext4", "xfs", "ntfs". | |
If not provided, the empty value | |
is passed to the associated | |
CSI driver which will determine | |
the default filesystem to apply. | |
type: string | |
nodePublishSecretRef: | |
description: NodePublishSecretRef | |
is a reference to the secret | |
object containing sensitive | |
information to pass to the CSI | |
driver to complete the CSI NodePublishVolume | |
and NodeUnpublishVolume calls. | |
This field is optional, and may | |
be empty if no secret is required. | |
If the secret object contains | |
more than one secret, all secret | |
references are passed. | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
readOnly: | |
description: Specifies a read-only | |
configuration for the volume. | |
Defaults to false (read/write). | |
type: boolean | |
volumeAttributes: | |
additionalProperties: | |
type: string | |
description: VolumeAttributes | |
stores driver-specific properties | |
that are passed to the CSI driver. | |
Consult your driver's documentation | |
for supported values. | |
type: object | |
required: | |
- driver | |
type: object | |
downwardAPI: | |
description: DownwardAPI represents | |
downward API about the pod that | |
should populate this volume | |
properties: | |
defaultMode: | |
description: 'Optional: mode bits | |
to use on created files by default. | |
Must be a value between 0 and | |
0777. Defaults to 0644. Directories | |
within the path are not affected | |
by this setting. This might | |
be in conflict with other options | |
that affect the file mode, like | |
fsGroup, and the result can | |
be other mode bits set.' | |
format: int32 | |
type: integer | |
items: | |
description: Items is a list of | |
downward API volume file | |
items: | |
description: DownwardAPIVolumeFile | |
represents information to | |
create the file containing | |
the pod field | |
properties: | |
fieldRef: | |
description: 'Required: | |
Selects a field of the | |
pod: only annotations, | |
labels, name and namespace | |
are supported.' | |
properties: | |
apiVersion: | |
description: Version | |
of the schema the | |
FieldPath is written | |
in terms of, defaults | |
to "v1". | |
type: string | |
fieldPath: | |
description: Path of | |
the field to select | |
in the specified API | |
version. | |
type: string | |
required: | |
- fieldPath | |
type: object | |
mode: | |
description: 'Optional: | |
mode bits to use on this | |
file, must be a value | |
between 0 and 0777. If | |
not specified, the volume | |
defaultMode will be used. | |
This might be in conflict | |
with other options that | |
affect the file mode, | |
like fsGroup, and the | |
result can be other mode | |
bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: 'Required: | |
Path is the relative | |
path name of the file | |
to be created. Must not | |
be absolute or contain | |
the ''..'' path. Must | |
be utf-8 encoded. The | |
first item of the relative | |
path must not start with | |
''..''' | |
type: string | |
resourceFieldRef: | |
description: 'Selects a | |
resource of the container: | |
only resources limits | |
and requests (limits.cpu, | |
limits.memory, requests.cpu | |
and requests.memory) are | |
currently supported.' | |
properties: | |
containerName: | |
description: 'Container | |
name: required for | |
volumes, optional | |
for env vars' | |
type: string | |
divisor: | |
description: Specifies | |
the output format | |
of the exposed resources, | |
defaults to "1" | |
type: string | |
resource: | |
description: 'Required: | |
resource to select' | |
type: string | |
required: | |
- resource | |
type: object | |
required: | |
- path | |
type: object | |
type: array | |
type: object | |
emptyDir: | |
description: 'EmptyDir represents | |
a temporary directory that shares | |
a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' | |
properties: | |
medium: | |
description: 'What type of storage | |
medium should back this directory. | |
The default is "" which means | |
to use the node''s default medium. | |
Must be an empty string (default) | |
or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' | |
type: string | |
sizeLimit: | |
description: 'Total amount of | |
local storage required for this | |
EmptyDir volume. The size limit | |
is also applicable for memory | |
medium. The maximum usage on | |
memory medium EmptyDir would | |
be the minimum value between | |
the SizeLimit specified here | |
and the sum of memory limits | |
of all containers in a pod. | |
The default is nil which means | |
that the limit is undefined. | |
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' | |
type: string | |
type: object | |
fc: | |
description: FC represents a Fibre | |
Channel resource that is attached | |
to a kubelet's host machine and | |
then exposed to the pod. | |
properties: | |
fsType: | |
description: 'Filesystem type | |
to mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. TODO: how do | |
we prevent errors in the filesystem | |
from compromising the machine' | |
type: string | |
lun: | |
description: 'Optional: FC target | |
lun number' | |
format: int32 | |
type: integer | |
readOnly: | |
description: 'Optional: Defaults | |
to false (read/write). ReadOnly | |
here will force the ReadOnly | |
setting in VolumeMounts.' | |
type: boolean | |
targetWWNs: | |
description: 'Optional: FC target | |
worldwide names (WWNs)' | |
items: | |
type: string | |
type: array | |
wwids: | |
description: 'Optional: FC volume | |
world wide identifiers (wwids) | |
Either wwids or combination | |
of targetWWNs and lun must be | |
set, but not both simultaneously.' | |
items: | |
type: string | |
type: array | |
type: object | |
flexVolume: | |
description: FlexVolume represents | |
a generic volume resource that is | |
provisioned/attached using an exec | |
based plugin. | |
properties: | |
driver: | |
description: Driver is the name | |
of the driver to use for this | |
volume. | |
type: string | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
The default filesystem depends | |
on FlexVolume script. | |
type: string | |
options: | |
additionalProperties: | |
type: string | |
description: 'Optional: Extra | |
command options if any.' | |
type: object | |
readOnly: | |
description: 'Optional: Defaults | |
to false (read/write). ReadOnly | |
here will force the ReadOnly | |
setting in VolumeMounts.' | |
type: boolean | |
secretRef: | |
description: 'Optional: SecretRef | |
is reference to the secret object | |
containing sensitive information | |
to pass to the plugin scripts. | |
This may be empty if no secret | |
object is specified. If the | |
secret object contains more | |
than one secret, all secrets | |
are passed to the plugin scripts.' | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
required: | |
- driver | |
type: object | |
flocker: | |
description: Flocker represents a | |
Flocker volume attached to a kubelet's | |
host machine. This depends on the | |
Flocker control service being running | |
properties: | |
datasetName: | |
description: Name of the dataset | |
stored as metadata -> name on | |
the dataset for Flocker should | |
be considered as deprecated | |
type: string | |
datasetUUID: | |
description: UUID of the dataset. | |
This is unique identifier of | |
a Flocker dataset | |
type: string | |
type: object | |
gcePersistentDisk: | |
description: 'GCEPersistentDisk represents | |
a GCE Disk resource that is attached | |
to a kubelet''s host machine and | |
then exposed to the pod. More info: | |
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
properties: | |
fsType: | |
description: 'Filesystem type | |
of the volume that you want | |
to mount. Tip: Ensure that the | |
filesystem type is supported | |
by the host operating system. | |
Examples: "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk | |
TODO: how do we prevent errors | |
in the filesystem from compromising | |
the machine' | |
type: string | |
partition: | |
description: 'The partition in | |
the volume that you want to | |
mount. If omitted, the default | |
is to mount by volume name. | |
Examples: For volume /dev/sda1, | |
you specify the partition as | |
"1". Similarly, the volume partition | |
for /dev/sda is "0" (or you | |
can leave the property empty). | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
format: int32 | |
type: integer | |
pdName: | |
description: 'Unique name of the | |
PD resource in GCE. Used to | |
identify the disk in GCE. More | |
info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
type: string | |
readOnly: | |
description: 'ReadOnly here will | |
force the ReadOnly setting in | |
VolumeMounts. Defaults to false. | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' | |
type: boolean | |
required: | |
- pdName | |
type: object | |
gitRepo: | |
description: 'GitRepo represents a | |
git repository at a particular revision. | |
DEPRECATED: GitRepo is deprecated. | |
To provision a container with a | |
git repo, mount an EmptyDir into | |
an InitContainer that clones the | |
repo using git, then mount the EmptyDir | |
into the Pod''s container.' | |
properties: | |
directory: | |
description: Target directory | |
name. Must not contain or start | |
with '..'. If '.' is supplied, | |
the volume directory will be | |
the git repository. Otherwise, | |
if specified, the volume will | |
contain the git repository in | |
the subdirectory with the given | |
name. | |
type: string | |
repository: | |
description: Repository URL | |
type: string | |
revision: | |
description: Commit hash for the | |
specified revision. | |
type: string | |
required: | |
- repository | |
type: object | |
glusterfs: | |
description: 'Glusterfs represents | |
a Glusterfs mount on the host that | |
shares a pod''s lifetime. More info: | |
https://examples.k8s.io/volumes/glusterfs/README.md' | |
properties: | |
endpoints: | |
description: 'EndpointsName is | |
the endpoint name that details | |
Glusterfs topology. More info: | |
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' | |
type: string | |
path: | |
description: 'Path is the Glusterfs | |
volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' | |
type: string | |
readOnly: | |
description: 'ReadOnly here will | |
force the Glusterfs volume to | |
be mounted with read-only permissions. | |
Defaults to false. More info: | |
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' | |
type: boolean | |
required: | |
- endpoints | |
- path | |
type: object | |
hostPath: | |
description: 'HostPath represents | |
a pre-existing file or directory | |
on the host machine that is directly | |
exposed to the container. This is | |
generally used for system agents | |
or other privileged things that | |
are allowed to see the host machine. | |
Most containers will NOT need this. | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath | |
--- TODO(jonesdl) We need to restrict | |
who can use host directory mounts | |
and who can/can not mount host directories | |
as read/write.' | |
properties: | |
path: | |
description: 'Path of the directory | |
on the host. If the path is | |
a symlink, it will follow the | |
link to the real path. More | |
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' | |
type: string | |
type: | |
description: 'Type for HostPath | |
Volume Defaults to "" More info: | |
https://kubernetes.io/docs/concepts/storage/volumes#hostpath' | |
type: string | |
required: | |
- path | |
type: object | |
iscsi: | |
description: 'ISCSI represents an | |
ISCSI Disk resource that is attached | |
to a kubelet''s host machine and | |
then exposed to the pod. More info: | |
https://examples.k8s.io/volumes/iscsi/README.md' | |
properties: | |
chapAuthDiscovery: | |
description: whether support iSCSI | |
Discovery CHAP authentication | |
type: boolean | |
chapAuthSession: | |
description: whether support iSCSI | |
Session CHAP authentication | |
type: boolean | |
fsType: | |
description: 'Filesystem type | |
of the volume that you want | |
to mount. Tip: Ensure that the | |
filesystem type is supported | |
by the host operating system. | |
Examples: "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi | |
TODO: how do we prevent errors | |
in the filesystem from compromising | |
the machine' | |
type: string | |
initiatorName: | |
description: Custom iSCSI Initiator | |
Name. If initiatorName is specified | |
with iscsiInterface simultaneously, | |
new iSCSI interface <target | |
portal>:<volume name> will be | |
created for the connection. | |
type: string | |
iqn: | |
description: Target iSCSI Qualified | |
Name. | |
type: string | |
iscsiInterface: | |
description: iSCSI Interface Name | |
that uses an iSCSI transport. | |
Defaults to 'default' (tcp). | |
type: string | |
lun: | |
description: iSCSI Target Lun | |
number. | |
format: int32 | |
type: integer | |
portals: | |
description: iSCSI Target Portal | |
List. The portal is either an | |
IP or ip_addr:port if the port | |
is other than default (typically | |
TCP ports 860 and 3260). | |
items: | |
type: string | |
type: array | |
readOnly: | |
description: ReadOnly here will | |
force the ReadOnly setting in | |
VolumeMounts. Defaults to false. | |
type: boolean | |
secretRef: | |
description: CHAP Secret for iSCSI | |
target and initiator authentication | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
targetPortal: | |
description: iSCSI Target Portal. | |
The Portal is either an IP or | |
ip_addr:port if the port is | |
other than default (typically | |
TCP ports 860 and 3260). | |
type: string | |
required: | |
- iqn | |
- lun | |
- targetPortal | |
type: object | |
name: | |
description: 'Volume''s name. Must | |
be a DNS_LABEL and unique within | |
the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' | |
type: string | |
nfs: | |
description: 'NFS represents an NFS | |
mount on the host that shares a | |
pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
properties: | |
path: | |
description: 'Path that is exported | |
by the NFS server. More info: | |
https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
type: string | |
readOnly: | |
description: 'ReadOnly here will | |
force the NFS export to be mounted | |
with read-only permissions. | |
Defaults to false. More info: | |
https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
type: boolean | |
server: | |
description: 'Server is the hostname | |
or IP address of the NFS server. | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' | |
type: string | |
required: | |
- path | |
- server | |
type: object | |
persistentVolumeClaim: | |
description: 'PersistentVolumeClaimVolumeSource | |
represents a reference to a PersistentVolumeClaim | |
in the same namespace. More info: | |
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' | |
properties: | |
claimName: | |
description: 'ClaimName is the | |
name of a PersistentVolumeClaim | |
in the same namespace as the | |
pod using this volume. More | |
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' | |
type: string | |
readOnly: | |
description: Will force the ReadOnly | |
setting in VolumeMounts. Default | |
false. | |
type: boolean | |
required: | |
- claimName | |
type: object | |
photonPersistentDisk: | |
description: PhotonPersistentDisk | |
represents a PhotonController persistent | |
disk attached and mounted on kubelets | |
host machine | |
properties: | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. | |
type: string | |
pdID: | |
description: ID that identifies | |
Photon Controller persistent | |
disk | |
type: string | |
required: | |
- pdID | |
type: object | |
portworxVolume: | |
description: PortworxVolume represents | |
a portworx volume attached and mounted | |
on kubelets host machine | |
properties: | |
fsType: | |
description: FSType represents | |
the filesystem type to mount | |
Must be a filesystem type supported | |
by the host operating system. | |
Ex. "ext4", "xfs". Implicitly | |
inferred to be "ext4" if unspecified. | |
type: string | |
readOnly: | |
description: Defaults to false | |
(read/write). ReadOnly here | |
will force the ReadOnly setting | |
in VolumeMounts. | |
type: boolean | |
volumeID: | |
description: VolumeID uniquely | |
identifies a Portworx volume | |
type: string | |
required: | |
- volumeID | |
type: object | |
projected: | |
description: Items for all in one | |
resources secrets, configmaps, and | |
downward API | |
properties: | |
defaultMode: | |
description: Mode bits to use | |
on created files by default. | |
Must be a value between 0 and | |
0777. Directories within the | |
path are not affected by this | |
setting. This might be in conflict | |
with other options that affect | |
the file mode, like fsGroup, | |
and the result can be other | |
mode bits set. | |
format: int32 | |
type: integer | |
sources: | |
description: list of volume projections | |
items: | |
description: Projection that | |
may be projected along with | |
other supported volume types | |
properties: | |
configMap: | |
description: information | |
about the configMap data | |
to project | |
properties: | |
items: | |
description: If unspecified, | |
each key-value pair | |
in the Data field | |
of the referenced | |
ConfigMap will be | |
projected into the | |
volume as a file whose | |
name is the key and | |
content is the value. | |
If specified, the | |
listed keys will be | |
projected into the | |
specified paths, and | |
unlisted keys will | |
not be present. If | |
a key is specified | |
which is not present | |
in the ConfigMap, | |
the volume setup will | |
error unless it is | |
marked optional. Paths | |
must be relative and | |
may not contain the | |
'..' path or start | |
with '..'. | |
items: | |
description: Maps | |
a string key to | |
a path within a | |
volume. | |
properties: | |
key: | |
description: The | |
key to project. | |
type: string | |
mode: | |
description: 'Optional: | |
mode bits to | |
use on this | |
file, must be | |
a value between | |
0 and 0777. | |
If not specified, | |
the volume defaultMode | |
will be used. | |
This might be | |
in conflict | |
with other options | |
that affect | |
the file mode, | |
like fsGroup, | |
and the result | |
can be other | |
mode bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: The | |
relative path | |
of the file | |
to map the key | |
to. May not | |
be an absolute | |
path. May not | |
contain the | |
path element | |
'..'. May not | |
start with the | |
string '..'. | |
type: string | |
required: | |
- key | |
- path | |
type: object | |
type: array | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the ConfigMap | |
or its keys must be | |
defined | |
type: boolean | |
type: object | |
downwardAPI: | |
description: information | |
about the downwardAPI | |
data to project | |
properties: | |
items: | |
description: Items is | |
a list of DownwardAPIVolume | |
file | |
items: | |
description: DownwardAPIVolumeFile | |
represents information | |
to create the file | |
containing the pod | |
field | |
properties: | |
fieldRef: | |
description: 'Required: | |
Selects a field | |
of the pod: | |
only annotations, | |
labels, name | |
and namespace | |
are supported.' | |
properties: | |
apiVersion: | |
description: Version | |
of the schema | |
the FieldPath | |
is written | |
in terms | |
of, defaults | |
to "v1". | |
type: string | |
fieldPath: | |
description: Path | |
of the field | |
to select | |
in the specified | |
API version. | |
type: string | |
required: | |
- fieldPath | |
type: object | |
mode: | |
description: 'Optional: | |
mode bits to | |
use on this | |
file, must be | |
a value between | |
0 and 0777. | |
If not specified, | |
the volume defaultMode | |
will be used. | |
This might be | |
in conflict | |
with other options | |
that affect | |
the file mode, | |
like fsGroup, | |
and the result | |
can be other | |
mode bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: 'Required: | |
Path is the | |
relative path | |
name of the | |
file to be created. | |
Must not be | |
absolute or | |
contain the | |
''..'' path. | |
Must be utf-8 | |
encoded. The | |
first item of | |
the relative | |
path must not | |
start with ''..''' | |
type: string | |
resourceFieldRef: | |
description: 'Selects | |
a resource of | |
the container: | |
only resources | |
limits and requests | |
(limits.cpu, | |
limits.memory, | |
requests.cpu | |
and requests.memory) | |
are currently | |
supported.' | |
properties: | |
containerName: | |
description: 'Container | |
name: required | |
for volumes, | |
optional | |
for env | |
vars' | |
type: string | |
divisor: | |
description: Specifies | |
the output | |
format of | |
the exposed | |
resources, | |
defaults | |
to "1" | |
type: string | |
resource: | |
description: 'Required: | |
resource | |
to select' | |
type: string | |
required: | |
- resource | |
type: object | |
required: | |
- path | |
type: object | |
type: array | |
type: object | |
secret: | |
description: information | |
about the secret data | |
to project | |
properties: | |
items: | |
description: If unspecified, | |
each key-value pair | |
in the Data field | |
of the referenced | |
Secret will be projected | |
into the volume as | |
a file whose name | |
is the key and content | |
is the value. If specified, | |
the listed keys will | |
be projected into | |
the specified paths, | |
and unlisted keys | |
will not be present. | |
If a key is specified | |
which is not present | |
in the Secret, the | |
volume setup will | |
error unless it is | |
marked optional. Paths | |
must be relative and | |
may not contain the | |
'..' path or start | |
with '..'. | |
items: | |
description: Maps | |
a string key to | |
a path within a | |
volume. | |
properties: | |
key: | |
description: The | |
key to project. | |
type: string | |
mode: | |
description: 'Optional: | |
mode bits to | |
use on this | |
file, must be | |
a value between | |
0 and 0777. | |
If not specified, | |
the volume defaultMode | |
will be used. | |
This might be | |
in conflict | |
with other options | |
that affect | |
the file mode, | |
like fsGroup, | |
and the result | |
can be other | |
mode bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: The | |
relative path | |
of the file | |
to map the key | |
to. May not | |
be an absolute | |
path. May not | |
contain the | |
path element | |
'..'. May not | |
start with the | |
string '..'. | |
type: string | |
required: | |
- key | |
- path | |
type: object | |
type: array | |
name: | |
description: 'Name of | |
the referent. More | |
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful | |
fields. apiVersion, | |
kind, uid?' | |
type: string | |
optional: | |
description: Specify | |
whether the Secret | |
or its key must be | |
defined | |
type: boolean | |
type: object | |
serviceAccountToken: | |
description: information | |
about the serviceAccountToken | |
data to project | |
properties: | |
audience: | |
description: Audience | |
is the intended audience | |
of the token. A recipient | |
of a token must identify | |
itself with an identifier | |
specified in the audience | |
of the token, and | |
otherwise should reject | |
the token. The audience | |
defaults to the identifier | |
of the apiserver. | |
type: string | |
expirationSeconds: | |
description: ExpirationSeconds | |
is the requested duration | |
of validity of the | |
service account token. | |
As the token approaches | |
expiration, the kubelet | |
volume plugin will | |
proactively rotate | |
the service account | |
token. The kubelet | |
will start trying | |
to rotate the token | |
if the token is older | |
than 80 percent of | |
its time to live or | |
if the token is older | |
than 24 hours.Defaults | |
to 1 hour and must | |
be at least 10 minutes. | |
format: int64 | |
type: integer | |
path: | |
description: Path is | |
the path relative | |
to the mount point | |
of the file to project | |
the token into. | |
type: string | |
required: | |
- path | |
type: object | |
type: object | |
type: array | |
required: | |
- sources | |
type: object | |
quobyte: | |
description: Quobyte represents a | |
Quobyte mount on the host that shares | |
a pod's lifetime | |
properties: | |
group: | |
description: Group to map volume | |
access to Default is no group | |
type: string | |
readOnly: | |
description: ReadOnly here will | |
force the Quobyte volume to | |
be mounted with read-only permissions. | |
Defaults to false. | |
type: boolean | |
registry: | |
description: Registry represents | |
a single or multiple Quobyte | |
Registry services specified | |
as a string as host:port pair | |
(multiple entries are separated | |
with commas) which acts as the | |
central registry for volumes | |
type: string | |
tenant: | |
description: Tenant owning the | |
given Quobyte volume in the | |
Backend Used with dynamically | |
provisioned Quobyte volumes, | |
value is set by the plugin | |
type: string | |
user: | |
description: User to map volume | |
access to Defaults to serivceaccount | |
user | |
type: string | |
volume: | |
description: Volume is a string | |
that references an already created | |
Quobyte volume by name. | |
type: string | |
required: | |
- registry | |
- volume | |
type: object | |
rbd: | |
description: 'RBD represents a Rados | |
Block Device mount on the host that | |
shares a pod''s lifetime. More info: | |
https://examples.k8s.io/volumes/rbd/README.md' | |
properties: | |
fsType: | |
description: 'Filesystem type | |
of the volume that you want | |
to mount. Tip: Ensure that the | |
filesystem type is supported | |
by the host operating system. | |
Examples: "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd | |
TODO: how do we prevent errors | |
in the filesystem from compromising | |
the machine' | |
type: string | |
image: | |
description: 'The rados image | |
name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
type: string | |
keyring: | |
description: 'Keyring is the path | |
to key ring for RBDUser. Default | |
is /etc/ceph/keyring. More info: | |
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
type: string | |
monitors: | |
description: 'A collection of | |
Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
items: | |
type: string | |
type: array | |
pool: | |
description: 'The rados pool name. | |
Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
type: string | |
readOnly: | |
description: 'ReadOnly here will | |
force the ReadOnly setting in | |
VolumeMounts. Defaults to false. | |
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
type: boolean | |
secretRef: | |
description: 'SecretRef is name | |
of the authentication secret | |
for RBDUser. If provided overrides | |
keyring. Default is nil. More | |
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
user: | |
description: 'The rados user name. | |
Default is admin. More info: | |
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' | |
type: string | |
required: | |
- image | |
- monitors | |
type: object | |
scaleIO: | |
description: ScaleIO represents a | |
ScaleIO persistent volume attached | |
and mounted on Kubernetes nodes. | |
properties: | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Default is "xfs". | |
type: string | |
gateway: | |
description: The host address | |
of the ScaleIO API Gateway. | |
type: string | |
protectionDomain: | |
description: The name of the ScaleIO | |
Protection Domain for the configured | |
storage. | |
type: string | |
readOnly: | |
description: Defaults to false | |
(read/write). ReadOnly here | |
will force the ReadOnly setting | |
in VolumeMounts. | |
type: boolean | |
secretRef: | |
description: SecretRef references | |
to the secret for ScaleIO user | |
and other sensitive information. | |
If this is not provided, Login | |
operation will fail. | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
sslEnabled: | |
description: Flag to enable/disable | |
SSL communication with Gateway, | |
default false | |
type: boolean | |
storageMode: | |
description: Indicates whether | |
the storage for a volume should | |
be ThickProvisioned or ThinProvisioned. | |
Default is ThinProvisioned. | |
type: string | |
storagePool: | |
description: The ScaleIO Storage | |
Pool associated with the protection | |
domain. | |
type: string | |
system: | |
description: The name of the storage | |
system as configured in ScaleIO. | |
type: string | |
volumeName: | |
description: The name of a volume | |
already created in the ScaleIO | |
system that is associated with | |
this volume source. | |
type: string | |
required: | |
- gateway | |
- secretRef | |
- system | |
type: object | |
secret: | |
description: 'Secret represents a | |
secret that should populate this | |
volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' | |
properties: | |
defaultMode: | |
description: 'Optional: mode bits | |
to use on created files by default. | |
Must be a value between 0 and | |
0777. Defaults to 0644. Directories | |
within the path are not affected | |
by this setting. This might | |
be in conflict with other options | |
that affect the file mode, like | |
fsGroup, and the result can | |
be other mode bits set.' | |
format: int32 | |
type: integer | |
items: | |
description: If unspecified, each | |
key-value pair in the Data field | |
of the referenced Secret will | |
be projected into the volume | |
as a file whose name is the | |
key and content is the value. | |
If specified, the listed keys | |
will be projected into the specified | |
paths, and unlisted keys will | |
not be present. If a key is | |
specified which is not present | |
in the Secret, the volume setup | |
will error unless it is marked | |
optional. Paths must be relative | |
and may not contain the '..' | |
path or start with '..'. | |
items: | |
description: Maps a string key | |
to a path within a volume. | |
properties: | |
key: | |
description: The key to | |
project. | |
type: string | |
mode: | |
description: 'Optional: | |
mode bits to use on this | |
file, must be a value | |
between 0 and 0777. If | |
not specified, the volume | |
defaultMode will be used. | |
This might be in conflict | |
with other options that | |
affect the file mode, | |
like fsGroup, and the | |
result can be other mode | |
bits set.' | |
format: int32 | |
type: integer | |
path: | |
description: The relative | |
path of the file to map | |
the key to. May not be | |
an absolute path. May | |
not contain the path element | |
'..'. May not start with | |
the string '..'. | |
type: string | |
required: | |
- key | |
- path | |
type: object | |
type: array | |
optional: | |
description: Specify whether the | |
Secret or its keys must be defined | |
type: boolean | |
secretName: | |
description: 'Name of the secret | |
in the pod''s namespace to use. | |
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' | |
type: string | |
type: object | |
storageos: | |
description: StorageOS represents | |
a StorageOS volume attached and | |
mounted on Kubernetes nodes. | |
properties: | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. | |
type: string | |
readOnly: | |
description: Defaults to false | |
(read/write). ReadOnly here | |
will force the ReadOnly setting | |
in VolumeMounts. | |
type: boolean | |
secretRef: | |
description: SecretRef specifies | |
the secret to use for obtaining | |
the StorageOS API credentials. If | |
not specified, default values | |
will be attempted. | |
properties: | |
name: | |
description: 'Name of the | |
referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | |
TODO: Add other useful fields. | |
apiVersion, kind, uid?' | |
type: string | |
type: object | |
volumeName: | |
description: VolumeName is the | |
human-readable name of the StorageOS | |
volume. Volume names are only | |
unique within a namespace. | |
type: string | |
volumeNamespace: | |
description: VolumeNamespace specifies | |
the scope of the volume within | |
StorageOS. If no namespace | |
is specified then the Pod's | |
namespace will be used. This | |
allows the Kubernetes name scoping | |
to be mirrored within StorageOS | |
for tighter integration. Set | |
VolumeName to any name to override | |
the default behaviour. Set to | |
"default" if you are not using | |
namespaces within StorageOS. | |
Namespaces that do not pre-exist | |
within StorageOS will be created. | |
type: string | |
type: object | |
vsphereVolume: | |
description: VsphereVolume represents | |
a vSphere volume attached and mounted | |
on kubelets host machine | |
properties: | |
fsType: | |
description: Filesystem type to | |
mount. Must be a filesystem | |
type supported by the host operating | |
system. Ex. "ext4", "xfs", "ntfs". | |
Implicitly inferred to be "ext4" | |
if unspecified. | |
type: string | |
storagePolicyID: | |
description: Storage Policy Based | |
Management (SPBM) profile ID | |
associated with the StoragePolicyName. | |
type: string | |
storagePolicyName: | |
description: Storage Policy Based | |
Management (SPBM) profile name. | |
type: string | |
volumePath: | |
description: Path that identifies | |
vSphere volume vmdk | |
type: string | |
required: | |
- volumePath | |
type: object | |
required: | |
- name | |
type: object | |
type: array | |
required: | |
- containers | |
type: object | |
type: object | |
required: | |
- selector | |
- template | |
type: object | |
required: | |
- name | |
- spec | |
type: object | |
type: array | |
permissions: | |
items: | |
description: StrategyDeploymentPermissions describe the | |
rbac rules and service account needed by the install strategy | |
properties: | |
rules: | |
items: | |
description: PolicyRule holds information that describes | |
a policy rule, but does not contain information | |
about who the rule applies to or which namespace | |
the rule applies to. | |
properties: | |
apiGroups: | |
description: APIGroups is the name of the APIGroup | |
that contains the resources. If multiple API | |
groups are specified, any action requested against | |
one of the enumerated resources in any API group | |
will be allowed. | |
items: | |
type: string | |
type: array | |
nonResourceURLs: | |
description: NonResourceURLs is a set of partial | |
urls that a user should have access to. *s | |
are allowed, but only as the full, final step | |
in the path Since non-resource URLs are not | |
namespaced, this field is only applicable for | |
ClusterRoles referenced from a ClusterRoleBinding. | |
Rules can either apply to API resources (such | |
as "pods" or "secrets") or non-resource URL | |
paths (such as "/api"), but not both. | |
items: | |
type: string | |
type: array | |
resourceNames: | |
description: ResourceNames is an optional white | |
list of names that the rule applies to. An | |
empty set means that everything is allowed. | |
items: | |
type: string | |
type: array | |
resources: | |
description: Resources is a list of resources | |
this rule applies to. ResourceAll represents | |
all resources. | |
items: | |
type: string | |
type: array | |
verbs: | |
description: Verbs is a list of Verbs that apply | |
to ALL the ResourceKinds and AttributeRestrictions | |
contained in this rule. VerbAll represents | |
all kinds. | |
items: | |
type: string | |
type: array | |
required: | |
- verbs | |
type: object | |
type: array | |
serviceAccountName: | |
type: string | |
required: | |
- rules | |
- serviceAccountName | |
type: object | |
type: array | |
required: | |
- deployments | |
type: object | |
strategy: | |
type: string | |
required: | |
- strategy | |
type: object | |
installModes: | |
description: InstallModes specify supported installation types | |
items: | |
description: InstallMode associates an InstallModeType with a flag | |
representing if the CSV supports it | |
properties: | |
supported: | |
type: boolean | |
type: | |
description: InstallModeType is a supported type of install | |
mode for CSV installation | |
type: string | |
required: | |
- supported | |
- type | |
type: object | |
type: array | |
keywords: | |
items: | |
type: string | |
type: array | |
labels: | |
additionalProperties: | |
type: string | |
description: Map of string keys and values that can be used to organize | |
and categorize (scope and select) objects. | |
type: object | |
links: | |
items: | |
properties: | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: array | |
maintainers: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
type: object | |
type: array | |
maturity: | |
type: string | |
minKubeVersion: | |
type: string | |
nativeAPIs: | |
items: | |
description: GroupVersionKind unambiguously identifies a kind. It | |
doesn't anonymously include GroupVersion to avoid automatic coersion. It | |
doesn't use a GroupVersion to avoid custom marshalling | |
properties: | |
group: | |
type: string | |
kind: | |
type: string | |
version: | |
type: string | |
required: | |
- group | |
- kind | |
- version | |
type: object | |
type: array | |
provider: | |
properties: | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
replaces: | |
description: The name of a CSV this one replaces. Should match the | |
`metadata.Name` field of the old CSV. | |
type: string | |
selector: | |
description: Label selector for related resources. | |
properties: | |
matchExpressions: | |
description: matchExpressions is a list of label selector requirements. | |
The requirements are ANDed. | |
items: | |
description: A label selector requirement is a selector that | |
contains values, a key, and an operator that relates the key | |
and values. | |
properties: | |
key: | |
description: key is the label key that the selector applies | |
to. | |
type: string | |
operator: | |
description: operator represents a key's relationship to | |
a set of values. Valid operators are In, NotIn, Exists | |
and DoesNotExist. | |
type: string | |
values: | |
description: values is an array of string values. If the | |
operator is In or NotIn, the values array must be non-empty. | |
If the operator is Exists or DoesNotExist, the values | |
array must be empty. This array is replaced during a strategic | |
merge patch. | |
items: | |
type: string | |
type: array | |
required: | |
- key | |
- operator | |
type: object | |
type: array | |
matchLabels: | |
additionalProperties: | |
type: string | |
description: matchLabels is a map of {key,value} pairs. A single | |
{key,value} in the matchLabels map is equivalent to an element | |
of matchExpressions, whose key field is "key", the operator | |
is "In", and the values array contains only "value". The requirements | |
are ANDed. | |
type: object | |
type: object | |
version: | |
description: OperatorVersion is a wrapper around semver.Version which | |
supports correct marshaling to YAML and JSON. | |
type: string | |
required: | |
- displayName | |
- install | |
type: object | |
status: | |
description: ClusterServiceVersionStatus represents information about | |
the status of a pod. Status may trail the actual state of a system. | |
properties: | |
certsLastUpdated: | |
description: Last time the owned APIService certs were updated | |
format: date-time | |
type: string | |
certsRotateAt: | |
description: Time the owned APIService certs will rotate next | |
format: date-time | |
type: string | |
conditions: | |
description: List of conditions, a history of state transitions | |
items: | |
description: Conditions appear in the status as a record of state | |
transitions on the ClusterServiceVersion | |
properties: | |
lastTransitionTime: | |
description: Last time the status transitioned from one status | |
to another. | |
format: date-time | |
type: string | |
lastUpdateTime: | |
description: Last time we updated the status | |
format: date-time | |
type: string | |
message: | |
description: A human readable message indicating details about | |
why the ClusterServiceVersion is in this condition. | |
type: string | |
phase: | |
description: Condition of the ClusterServiceVersion | |
type: string | |
reason: | |
description: A brief CamelCase message indicating details about | |
why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' | |
type: string | |
type: object | |
type: array | |
lastTransitionTime: | |
description: Last time the status transitioned from one status to | |
another. | |
format: date-time | |
type: string | |
lastUpdateTime: | |
description: Last time we updated the status | |
format: date-time | |
type: string | |
message: | |
description: A human readable message indicating details about why | |
the ClusterServiceVersion is in this condition. | |
type: string | |
phase: | |
description: Current condition of the ClusterServiceVersion | |
type: string | |
reason: | |
description: A brief CamelCase message indicating details about why | |
the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' | |
type: string | |
requirementStatus: | |
description: The status of each requirement for this CSV | |
items: | |
properties: | |
dependents: | |
items: | |
description: DependentStatus is the status for a dependent | |
requirement (to prevent infinite nesting) | |
properties: | |
group: | |
type: string | |
kind: | |
type: string | |
message: | |
type: string | |
status: | |
description: StatusReason is a camelcased reason for the | |
status of a RequirementStatus or DependentStatus | |
type: string | |
uuid: | |
type: string | |
version: | |
type: string | |
required: | |
- group | |
- kind | |
- status | |
- version | |
type: object | |
type: array | |
group: | |
type: string | |
kind: | |
type: string | |
message: | |
type: string | |
name: | |
type: string | |
status: | |
description: StatusReason is a camelcased reason for the status | |
of a RequirementStatus or DependentStatus | |
type: string | |
uuid: | |
type: string | |
version: | |
type: string | |
required: | |
- group | |
- kind | |
- message | |
- name | |
- status | |
- version | |
type: object | |
type: array | |
type: object | |
required: | |
- metadata | |
- spec | |
type: object | |
served: true | |
storage: true | |
status: | |
acceptedNames: | |
kind: "" | |
plural: "" | |
conditions: [] | |
storedVersions: [] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment