Skip to content

Instantly share code, notes, and snippets.

@marcel

marcel/deployment.yaml

Last active November 10, 2018 20:36
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save marcel/dbcb2599bb6bea72b8ead62348286528 to your computer and use it in GitHub Desktop.
Save marcel/dbcb2599bb6bea72b8ead62348286528 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
deployment.yaml
# v1beta1.Deployment: Deployment enables declarative updates for Pods and ReplicaSets.
# (apiVersion <string>): APIVersion defines the versioned schema of this
# representation of an object. Servers should convert recognized schemas to the
# latest internal value, and may reject unrecognized values. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
apiVersion:
# (kind <string>): Kind is a string value representing the REST resource this
# object represents. Servers may infer this from the endpoint the client submits
# requests to. Cannot be updated. In CamelCase. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
kind:
# (metadata <Object>): Standard object metadata.
metadata:
# (labels <object>): Map of string keys and values that can be used to
# organize and categorize (scope and select) objects. May match selectors of
# replication controllers and services. More info:
# http://kubernetes.io/docs/user-guide/labels
labels:
# (namespace <string>): Namespace defines the space within each name must be
# unique. An empty namespace is equivalent to the "default" namespace, but
# "default" is the canonical representation. Not all objects are required to be
# scoped to a namespace - the value of this field for those objects will be
# empty. Must be a DNS_LABEL. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/namespaces
namespace:
# (annotations <object>): Annotations is an unstructured key value map stored
# with a resource that may be set by external tools to store and retrieve
# arbitrary metadata. They are not queryable and should be preserved when
# modifying objects. More info:
# http://kubernetes.io/docs/user-guide/annotations
annotations:
# (creationTimestamp <string>): CreationTimestamp is a timestamp representing
# the server time when this object was created. It is not guaranteed to be set
# in happens-before order across separate operations. Clients may not set this
# value. It is represented in RFC3339 form and is in UTC. Populated by the
# system. Read-only. Null for lists. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
creationTimestamp:
# (generation <integer>): A sequence number representing a specific generation
# of the desired state. Populated by the system. Read-only.
generation:
# (deletionGracePeriodSeconds <integer>): Number of seconds allowed for this
# object to gracefully terminate before it will be removed from the system.
# Only set when deletionTimestamp is also set. May only be shortened.
# Read-only.
deletionGracePeriodSeconds:
# (ownerReferences <[]Object>): List of objects depended by this object. If
# ALL objects in the list have been deleted, this object will be garbage
# collected. If this object is managed by a controller, then an entry in this
# list will point to this controller, with the controller field set to true.
# There cannot be more than one managing controller.
ownerReferences:
# (uid <string> -required-): UID of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#uids
uid:
# (apiVersion <string> -required-): API version of the referent.
apiVersion:
# (blockOwnerDeletion <boolean>): If true, AND if the owner has the
# "foregroundDeletion" finalizer, then the owner cannot be deleted from the
# key-value store until this reference is removed. Defaults to false. To set
# this field, a user needs "delete" permission of the owner, otherwise 422
# (Unprocessable Entity) will be returned.
blockOwnerDeletion:
# (controller <boolean>): If true, this reference points to the managing
# controller.
controller:
# (kind <string> -required-): Kind of the referent. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
kind:
# (name <string> -required-): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (selfLink <string>): SelfLink is a URL representing this object. Populated
# by the system. Read-only.
selfLink:
# (finalizers <[]string>): Must be empty before the object is deleted from the
# registry. Each entry is an identifier for the responsible component that will
# remove the entry from the list. If the deletionTimestamp of the object is
# non-nil, entries in this list can only be removed.
finalizers:
# (uid <string>): UID is the unique in time and space value for this object.
# It is typically generated by the server on successful creation of a resource
# and is not allowed to change on PUT operations. Populated by the system.
# Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
uid:
# (name <string>): Name must be unique within a namespace. Is required when
# creating resources, although some resources may allow a client to request the
# generation of an appropriate name automatically. Name is primarily intended
# for creation idempotence and configuration definition. Cannot be updated.
# More info: http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (resourceVersion <string>): An opaque value that represents the internal
# version of this object that can be used by clients to determine when objects
# have changed. May be used for optimistic concurrency, change detection, and
# the watch operation on a resource or set of resources. Clients must treat
# these values as opaque and passed unmodified back to the server. They may
# only be valid for a particular resource or set of resources. Populated by
# the system. Read-only. Value must be treated as opaque by clients and . More
# info: http://releases.k8s.io/HEAD/docs/devel/
# api-conventions.md#concurrency-control-and-consistency/
resourceVersion:
# (clusterName <string>): The name of the cluster which the object belongs to.
# This is used to distinguish resources with same name and namespace in
# different clusters. This field is not set anywhere right now and apiserver is
# going to ignore it if set in create or update request.
clusterName:
# (deletionTimestamp <string>): DeletionTimestamp is RFC 3339 date and time at
# which this resource will be deleted. This field is set by the server when a
# graceful deletion is requested by the user, and is not directly settable by a
# client. The resource is expected to be deleted (no longer visible from
# resource lists, and not reachable by name) after the time in this field. Once
# set, this value may not be unset or be set further into the future, although
# it may be shortened or the resource may be deleted prior to this time. For
# example, a user may request that a pod is deleted in 30 seconds. The Kubelet
# will react by sending a graceful termination signal to the containers in the
# pod. After that 30 seconds, the Kubelet will send a hard termination signal
# (SIGKILL) to the container and after cleanup, remove the pod from the API. In
# the presence of network partitions, this object may still exist after this
# timestamp, until an administrator or automated process can determine the
# resource is fully terminated. If not set, graceful deletion of the object has
# not been requested. Populated by the system when a graceful deletion is
# requested. Read-only. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
deletionTimestamp:
# (generateName <string>): GenerateName is an optional prefix, used by the
# server, to generate a unique name ONLY IF the Name field has not been
# provided. If this field is used, the name returned to the client will be
# different than the name passed. This value will also be combined with a
# unique suffix. The provided value has the same validation rules as the Name
# field, and may be truncated by the length of the suffix required to make the
# value unique on the server. If this field is specified and the generated
# name exists, the server will NOT return a 409 - instead, it will either
# return 201 Created or 500 with Reason ServerTimeout indicating a unique name
# could not be found in the time allotted, and the client should retry
# (optionally after the time indicated in the Retry-After header). Applied
# only if Name is not specified. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency
generateName:
# (spec <Object>): Specification of the desired behavior of the Deployment.
spec:
# (minReadySeconds <integer>): Minimum number of seconds for which a newly
# created pod should be ready without any of its container crashing, for it to
# be considered available. Defaults to 0 (pod will be considered available as
# soon as it is ready)
minReadySeconds:
# (paused <boolean>): Indicates that the deployment is paused and will not be
# processed by the deployment controller.
paused:
# (rollbackTo <Object>): The config this deployment is rolling back to. Will
# be cleared after rollback is done.
rollbackTo:
# (revision <integer>): The revision to rollback to. If set to 0, rollbck to
# the last revision.
revision:
# (strategy <Object>): The deployment strategy to use to replace existing pods
# with new ones.
strategy:
# (rollingUpdate <Object>): Rolling update config params. Present only if
# DeploymentStrategyType = RollingUpdate.
rollingUpdate:
# (maxSurge <string>): The maximum number of pods that can be scheduled
# above the desired number of pods. Value can be an absolute number (ex: 5)
# or a percentage of desired pods (ex: 10%). This can not be 0 if
# MaxUnavailable is 0. Absolute number is calculated from percentage by
# rounding up. By default, a value of 1 is used. Example: when this is set
# to 30%, the new RC can be scaled up immediately when the rolling update
# starts, such that the total number of old and new pods do not exceed 130%
# of desired pods. Once old pods have been killed, new RC can be scaled up
# further, ensuring that total number of pods running at any time during
# the update is atmost 130% of desired pods.
maxSurge:
# (maxUnavailable <string>): The maximum number of pods that can be
# unavailable during the update. Value can be an absolute number (ex: 5) or
# a percentage of desired pods (ex: 10%). Absolute number is calculated
# from percentage by rounding down. This can not be 0 if MaxSurge is 0. By
# default, a fixed value of 1 is used. Example: when this is set to 30%,
# the old RC can be scaled down to 70% of desired pods immediately when the
# rolling update starts. Once new pods are ready, old RC can be scaled down
# further, followed by scaling up the new RC, ensuring that the total
# number of pods available at all times during the update is at least 70%
# of desired pods.
maxUnavailable:
# (type <string>): Type of deployment. Can be "Recreate" or "RollingUpdate".
# Default is RollingUpdate.
type:
# (template <Object> -required-): Template describes the pods that will be
# created.
template:
# (metadata <Object>): Standard object's metadata. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
metadata:
# (labels <object>): Map of string keys and values that can be used to
# organize and categorize (scope and select) objects. May match selectors
# of replication controllers and services. More info:
# http://kubernetes.io/docs/user-guide/labels
labels:
# (namespace <string>): Namespace defines the space within each name must
# be unique. An empty namespace is equivalent to the "default" namespace,
# but "default" is the canonical representation. Not all objects are
# required to be scoped to a namespace - the value of this field for those
# objects will be empty. Must be a DNS_LABEL. Cannot be updated. More
# info: http://kubernetes.io/docs/user-guide/namespaces
namespace:
# (annotations <object>): Annotations is an unstructured key value map
# stored with a resource that may be set by external tools to store and
# retrieve arbitrary metadata. They are not queryable and should be
# preserved when modifying objects. More info:
# http://kubernetes.io/docs/user-guide/annotations
annotations:
# (creationTimestamp <string>): CreationTimestamp is a timestamp
# representing the server time when this object was created. It is not
# guaranteed to be set in happens-before order across separate operations.
# Clients may not set this value. It is represented in RFC3339 form and is
# in UTC. Populated by the system. Read-only. Null for lists. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
creationTimestamp:
# (generation <integer>): A sequence number representing a specific
# generation of the desired state. Populated by the system. Read-only.
generation:
# (deletionGracePeriodSeconds <integer>): Number of seconds allowed for
# this object to gracefully terminate before it will be removed from the
# system. Only set when deletionTimestamp is also set. May only be
# shortened. Read-only.
deletionGracePeriodSeconds:
# (ownerReferences <[]Object>): List of objects depended by this object.
# If ALL objects in the list have been deleted, this object will be garbage
# collected. If this object is managed by a controller, then an entry in
# this list will point to this controller, with the controller field set to
# true. There cannot be more than one managing controller.
ownerReferences:
# (uid <string> -required-): UID of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#uids
uid:
# (apiVersion <string> -required-): API version of the referent.
apiVersion:
# (blockOwnerDeletion <boolean>): If true, AND if the owner has the
# "foregroundDeletion" finalizer, then the owner cannot be deleted from
# the key-value store until this reference is removed. Defaults to false.
# To set this field, a user needs "delete" permission of the owner,
# otherwise 422 (Unprocessable Entity) will be returned.
blockOwnerDeletion:
# (controller <boolean>): If true, this reference points to the managing
# controller.
controller:
# (kind <string> -required-): Kind of the referent. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
kind:
# (name <string> -required-): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (selfLink <string>): SelfLink is a URL representing this object.
# Populated by the system. Read-only.
selfLink:
# (finalizers <[]string>): Must be empty before the object is deleted from
# the registry. Each entry is an identifier for the responsible component
# that will remove the entry from the list. If the deletionTimestamp of the
# object is non-nil, entries in this list can only be removed.
finalizers:
# (uid <string>): UID is the unique in time and space value for this
# object. It is typically generated by the server on successful creation of
# a resource and is not allowed to change on PUT operations. Populated by
# the system. Read-only. More info:
# http://kubernetes.io/docs/user-guide/identifiers#uids
uid:
# (name <string>): Name must be unique within a namespace. Is required
# when creating resources, although some resources may allow a client to
# request the generation of an appropriate name automatically. Name is
# primarily intended for creation idempotence and configuration definition.
# Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (resourceVersion <string>): An opaque value that represents the internal
# version of this object that can be used by clients to determine when
# objects have changed. May be used for optimistic concurrency, change
# detection, and the watch operation on a resource or set of resources.
# Clients must treat these values as opaque and passed unmodified back to
# the server. They may only be valid for a particular resource or set of
# resources. Populated by the system. Read-only. Value must be treated as
# opaque by clients and . More info: http://releases.k8s.io/HEAD/docs/
# devel/api-conventions.md#concurrency-control-and-consistency/
resourceVersion:
# (clusterName <string>): The name of the cluster which the object belongs
# to. This is used to distinguish resources with same name and namespace in
# different clusters. This field is not set anywhere right now and
# apiserver is going to ignore it if set in create or update request.
clusterName:
# (deletionTimestamp <string>): DeletionTimestamp is RFC 3339 date and
# time at which this resource will be deleted. This field is set by the
# server when a graceful deletion is requested by the user, and is not
# directly settable by a client. The resource is expected to be deleted (no
# longer visible from resource lists, and not reachable by name) after the
# time in this field. Once set, this value may not be unset or be set
# further into the future, although it may be shortened or the resource may
# be deleted prior to this time. For example, a user may request that a pod
# is deleted in 30 seconds. The Kubelet will react by sending a graceful
# termination signal to the containers in the pod. After that 30 seconds,
# the Kubelet will send a hard termination signal (SIGKILL) to the
# container and after cleanup, remove the pod from the API. In the presence
# of network partitions, this object may still exist after this timestamp,
# until an administrator or automated process can determine the resource is
# fully terminated. If not set, graceful deletion of the object has not
# been requested. Populated by the system when a graceful deletion is
# requested. Read-only. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
deletionTimestamp:
# (generateName <string>): GenerateName is an optional prefix, used by the
# server, to generate a unique name ONLY IF the Name field has not been
# provided. If this field is used, the name returned to the client will be
# different than the name passed. This value will also be combined with a
# unique suffix. The provided value has the same validation rules as the
# Name field, and may be truncated by the length of the suffix required to
# make the value unique on the server. If this field is specified and the
# generated name exists, the server will NOT return a 409 - instead, it
# will either return 201 Created or 500 with Reason ServerTimeout
# indicating a unique name could not be found in the time allotted, and the
# client should retry (optionally after the time indicated in the
# Retry-After header). Applied only if Name is not specified. More info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency
generateName:
# (spec <Object>): Specification of the desired behavior of the pod. More
# info:
# http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
spec:
# (containers <[]Object> -required-): List of containers belonging to the
# pod. Containers cannot currently be added or removed. There must be at
# least one container in a Pod. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/containers
containers:
# (tty <boolean>): Whether this container should allocate a TTY for
# itself, also requires 'stdin' to be true. Default is false.
tty:
# (command <[]string>): Entrypoint array. Not executed within a shell.
# The docker image's ENTRYPOINT is used if this is not provided. Variable
# references $(VAR_NAME) are expanded using the container's environment.
# If a variable cannot be resolved, the reference in the input string
# will be unchanged. The $(VAR_NAME) syntax can be escaped with a double
# $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
# regardless of whether the variable exists or not. Cannot be updated.
# More info:
# http://kubernetes.io/docs/user-guide/containers#containers-and-commands
command:
# (env <[]Object>): List of environment variables to set in the
# container. Cannot be updated.
env:
# (name <string> -required-): Name of the environment variable. Must
# be a C_IDENTIFIER.
name:
# (value <string>): Variable references $(VAR_NAME) are expanded using
# the previous defined environment variables in the container and any
# service environment variables. If a variable cannot be resolved, the
# reference in the input string will be unchanged. The $(VAR_NAME)
# syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
# references will never be expanded, regardless of whether the variable
# exists or not. Defaults to "".
value:
# (valueFrom <Object>): Source for the environment variable's value.
# Cannot be used if value is not empty.
valueFrom:
# (secretKeyRef <Object>): Selects a key of a secret in the pod's
# namespace
secretKeyRef:
# (key <string> -required-): The key of the secret to select from.
# Must be a valid secret key.
key:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the Secret or it's key
# must be defined
optional:
# (configMapKeyRef <Object>): Selects a key of a ConfigMap.
configMapKeyRef:
# (key <string> -required-): The key to select.
key:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the ConfigMap or it's key
# must be defined
optional:
# (fieldRef <Object>): Selects a field of the pod: supports
# metadata.name, metadata.namespace, metadata.labels,
# metadata.annotations, spec.nodeName, spec.serviceAccountName,
# status.podIP.
fieldRef:
# (apiVersion <string>): Version of the schema the FieldPath is
# written in terms of, defaults to "v1".
apiVersion:
# (fieldPath <string> -required-): Path of the field to select in
# the specified API version.
fieldPath:
# (resourceFieldRef <Object>): Selects a resource of the container:
# only resources limits and requests (limits.cpu, limits.memory,
# requests.cpu and requests.memory) are currently supported.
resourceFieldRef:
# (containerName <string>): Container name: required for volumes,
# optional for env vars
containerName:
# (divisor <string>): Specifies the output format of the exposed
# resources, defaults to "1"
divisor:
# (resource <string> -required-): Required: resource to select
resource:
# (envFrom <[]Object>): List of sources to populate environment
# variables in the container. The keys defined within a source must be a
# C_IDENTIFIER. All invalid keys will be reported as an event when the
# container is starting. When a key exists in multiple sources, the value
# associated with the last source will take precedence. Values defined by
# an Env with a duplicate key will take precedence. Cannot be updated.
envFrom:
# (configMapRef <Object>): The ConfigMap to select from
configMapRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the ConfigMap must be
# defined
optional:
# (prefix <string>): An optional identifer to prepend to each key in
# the ConfigMap. Must be a C_IDENTIFIER.
prefix:
# (secretRef <Object>): The Secret to select from
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the Secret must be defined
optional:
# (lifecycle <Object>): Actions that the management system should take
# in response to container lifecycle events. Cannot be updated.
lifecycle:
# (postStart <Object>): PostStart is called immediately after a
# container is created. If the handler fails, the container is
# terminated and restarted according to its restart policy. Other
# management of the container blocks until the hook completes. More
# info:
# http://kubernetes.io/docs/user-guide/container-environment#hook-details
postStart:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod
# IP. You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (tcpSocket <Object>): TCPSocket specifies an action involving a
# TCP port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (preStop <Object>): PreStop is called immediately before a container
# is terminated. The container is terminated after the handler
# completes. The reason for termination is passed to the handler.
# Regardless of the outcome of the handler, the container is eventually
# terminated. Other management of the container blocks until the hook
# completes. More info:
# http://kubernetes.io/docs/user-guide/container-environment#hook-details
preStop:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod
# IP. You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (tcpSocket <Object>): TCPSocket specifies an action involving a
# TCP port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (ports <[]Object>): List of ports to expose from the container.
# Exposing a port here gives the system additional information about the
# network connections a container uses, but is primarily informational.
# Not specifying a port here DOES NOT prevent that port from being
# exposed. Any port which is listening on the default "0.0.0.0" address
# inside a container will be accessible from the network. Cannot be
# updated.
ports:
# (containerPort <integer> -required-): Number of port to expose on
# the pod's IP address. This must be a valid port number, 0 < x <
# 65536.
containerPort:
# (hostIP <string>): What host IP to bind the external port to.
hostIP:
# (hostPort <integer>): Number of port to expose on the host. If
# specified, this must be a valid port number, 0 < x < 65536. If
# HostNetwork is specified, this must match ContainerPort. Most
# containers do not need this.
hostPort:
# (name <string>): If specified, this must be an IANA_SVC_NAME and
# unique within the pod. Each named port in a pod must have a unique
# name. Name for the port that can be referred to by services.
name:
# (protocol <string>): Protocol for port. Must be UDP or TCP. Defaults
# to "TCP".
protocol:
# (terminationMessagePath <string>): Optional: Path at which the file to
# which the container's termination message will be written is mounted
# into the container's filesystem. Message written is intended to be
# brief final status, such as an assertion failure message. Will be
# truncated by the node if greater than 4096 bytes. The total message
# length across all containers will be limited to 12kb. Defaults to
# /dev/termination-log. Cannot be updated.
terminationMessagePath:
# (image <string>): Docker image name. More info:
# http://kubernetes.io/docs/user-guide/images
image:
# (name <string> -required-): Name of the container specified as a
# DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL).
# Cannot be updated.
name:
# (readinessProbe <Object>): Periodic probe of container service
# readiness. Container will be removed from service endpoints if the
# probe fails. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
readinessProbe:
# (tcpSocket <Object>): TCPSocket specifies an action involving a TCP
# port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (timeoutSeconds <integer>): Number of seconds after which the probe
# times out. Defaults to 1 second. Minimum value is 1. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
timeoutSeconds:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (failureThreshold <integer>): Minimum consecutive failures for the
# probe to be considered failed after having succeeded. Defaults to 3.
# Minimum value is 1.
failureThreshold:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod IP.
# You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (initialDelaySeconds <integer>): Number of seconds after the
# container has started before liveness probes are initiated. More
# info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
initialDelaySeconds:
# (periodSeconds <integer>): How often (in seconds) to perform the
# probe. Default to 10 seconds. Minimum value is 1.
periodSeconds:
# (successThreshold <integer>): Minimum consecutive successes for the
# probe to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness. Minimum value is 1.
successThreshold:
# (resources <Object>): Compute Resources required by this container.
# Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/persistent-volumes#resources
resources:
# (limits <object>): Limits describes the maximum amount of compute
# resources allowed. More info:
# http://kubernetes.io/docs/user-guide/compute-resources/
limits:
# (requests <object>): Requests describes the minimum amount of
# compute resources required. If Requests is omitted for a container,
# it defaults to Limits if that is explicitly specified, otherwise to
# an implementation-defined value. More info:
# http://kubernetes.io/docs/user-guide/compute-resources/
requests:
# (securityContext <Object>): Security options the pod should run with.
# More info: http://releases.k8s.io/HEAD/docs/design/security_context.md
securityContext:
# (runAsUser <integer>): The UID to run the entrypoint of the
# container process. Defaults to user specified in image metadata if
# unspecified. May also be set in PodSecurityContext. If set in both
# SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
runAsUser:
# (seLinuxOptions <Object>): The SELinux context to be applied to the
# container. If unspecified, the container runtime will allocate a
# random SELinux context for each container. May also be set in
# PodSecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes
# precedence.
seLinuxOptions:
# (role <string>): Role is a SELinux role label that applies to the
# container.
role:
# (type <string>): Type is a SELinux type label that applies to the
# container.
type:
# (user <string>): User is a SELinux user label that applies to the
# container.
user:
# (level <string>): Level is SELinux level label that applies to the
# container.
level:
# (capabilities <Object>): The capabilities to add/drop when running
# containers. Defaults to the default set of capabilities granted by
# the container runtime.
capabilities:
# (add <[]Object>): Added capabilities
add:
# (drop <[]Object>): Removed capabilities
drop:
# (privileged <boolean>): Run container in privileged mode. Processes
# in privileged containers are essentially equivalent to root on the
# host. Defaults to false.
privileged:
# (readOnlyRootFilesystem <boolean>): Whether this container has a
# read-only root filesystem. Default is false.
readOnlyRootFilesystem:
# (runAsNonRoot <boolean>): Indicates that the container must run as a
# non-root user. If true, the Kubelet will validate the image at
# runtime to ensure that it does not run as UID 0 (root) and fail to
# start the container if it does. If unset or false, no such validation
# will be performed. May also be set in PodSecurityContext. If set in
# both SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
runAsNonRoot:
# (stdinOnce <boolean>): Whether the container runtime should close the
# stdin channel after it has been opened by a single attach. When stdin
# is true the stdin stream will remain open across multiple attach
# sessions. If stdinOnce is set to true, stdin is opened on container
# start, is empty until the first client attaches to stdin, and then
# remains open and accepts data until the client disconnects, at which
# time stdin is closed and remains closed until the container is
# restarted. If this flag is false, a container processes that reads from
# stdin will never receive an EOF. Default is false
stdinOnce:
# (livenessProbe <Object>): Periodic probe of container liveness.
# Container will be restarted if the probe fails. Cannot be updated. More
# info: http://kubernetes.io/docs/user-guide/pod-states#container-probes
livenessProbe:
# (tcpSocket <Object>): TCPSocket specifies an action involving a TCP
# port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (timeoutSeconds <integer>): Number of seconds after which the probe
# times out. Defaults to 1 second. Minimum value is 1. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
timeoutSeconds:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (failureThreshold <integer>): Minimum consecutive failures for the
# probe to be considered failed after having succeeded. Defaults to 3.
# Minimum value is 1.
failureThreshold:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod IP.
# You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (initialDelaySeconds <integer>): Number of seconds after the
# container has started before liveness probes are initiated. More
# info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
initialDelaySeconds:
# (periodSeconds <integer>): How often (in seconds) to perform the
# probe. Default to 10 seconds. Minimum value is 1.
periodSeconds:
# (successThreshold <integer>): Minimum consecutive successes for the
# probe to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness. Minimum value is 1.
successThreshold:
# (stdin <boolean>): Whether this container should allocate a buffer for
# stdin in the container runtime. If this is not set, reads from stdin in
# the container will always result in EOF. Default is false.
stdin:
# (terminationMessagePolicy <string>): Indicate how the termination
# message should be populated. File will use the contents of
# terminationMessagePath to populate the container status message on both
# success and failure. FallbackToLogsOnError will use the last chunk of
# container log output if the termination message file is empty and the
# container exited with an error. The log output is limited to 2048 bytes
# or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
terminationMessagePolicy:
# (volumeMounts <[]Object>): Pod volumes to mount into the container's
# filesystem. Cannot be updated.
volumeMounts:
# (mountPath <string> -required-): Path within the container at which
# the volume should be mounted. Must not contain ':'.
mountPath:
# (name <string> -required-): This must match the Name of a Volume.
name:
# (readOnly <boolean>): Mounted read-only if true, read-write
# otherwise (false or unspecified). Defaults to false.
readOnly:
# (subPath <string>): Path within the volume from which the
# container's volume should be mounted. Defaults to "" (volume's root).
subPath:
# (args <[]string>): Arguments to the entrypoint. The docker image's CMD
# is used if this is not provided. Variable references $(VAR_NAME) are
# expanded using the container's environment. If a variable cannot be
# resolved, the reference in the input string will be unchanged. The
# $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
# Escaped references will never be expanded, regardless of whether the
# variable exists or not. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/containers#containers-and-commands
args:
# (imagePullPolicy <string>): Image pull policy. One of Always, Never,
# IfNotPresent. Defaults to Always if :latest tag is specified, or
# IfNotPresent otherwise. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/images#updating-images
imagePullPolicy:
# (workingDir <string>): Container's working directory. If not
# specified, the container runtime's default will be used, which might be
# configured in the container image. Cannot be updated.
workingDir:
# (hostNetwork <boolean>): Host networking requested for this pod. Use the
# host's network namespace. If this option is set, the ports that will be
# used must be specified. Default to false.
hostNetwork:
# (terminationGracePeriodSeconds <integer>): Optional duration in seconds
# the pod needs to terminate gracefully. May be decreased in delete
# request. Value must be non-negative integer. The value zero indicates
# delete immediately. If this value is nil, the default grace period will
# be used instead. The grace period is the duration in seconds after the
# processes running in the pod are sent a termination signal and the time
# when the processes are forcibly halted with a kill signal. Set this value
# longer than the expected cleanup time for your process. Defaults to 30
# seconds.
terminationGracePeriodSeconds:
# (hostPID <boolean>): Use the host's pid namespace. Optional: Default to
# false.
hostPID:
# (initContainers <[]Object>): List of initialization containers belonging
# to the pod. Init containers are executed in order prior to containers
# being started. If any init container fails, the pod is considered to have
# failed and is handled according to its restartPolicy. The name for an
# init container or normal container must be unique among all containers.
# Init containers may not have Lifecycle actions, Readiness probes, or
# Liveness probes. The resourceRequirements of an init container are taken
# into account during scheduling by finding the highest request/limit for
# each resource type, and then using the max of of that value or the sum of
# the normal containers. Limits are applied to init containers in a similar
# fashion. Init containers cannot currently be added or removed. Cannot be
# updated. More info: http://kubernetes.io/docs/user-guide/containers
initContainers:
# (tty <boolean>): Whether this container should allocate a TTY for
# itself, also requires 'stdin' to be true. Default is false.
tty:
# (command <[]string>): Entrypoint array. Not executed within a shell.
# The docker image's ENTRYPOINT is used if this is not provided. Variable
# references $(VAR_NAME) are expanded using the container's environment.
# If a variable cannot be resolved, the reference in the input string
# will be unchanged. The $(VAR_NAME) syntax can be escaped with a double
# $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
# regardless of whether the variable exists or not. Cannot be updated.
# More info:
# http://kubernetes.io/docs/user-guide/containers#containers-and-commands
command:
# (env <[]Object>): List of environment variables to set in the
# container. Cannot be updated.
env:
# (name <string> -required-): Name of the environment variable. Must
# be a C_IDENTIFIER.
name:
# (value <string>): Variable references $(VAR_NAME) are expanded using
# the previous defined environment variables in the container and any
# service environment variables. If a variable cannot be resolved, the
# reference in the input string will be unchanged. The $(VAR_NAME)
# syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
# references will never be expanded, regardless of whether the variable
# exists or not. Defaults to "".
value:
# (valueFrom <Object>): Source for the environment variable's value.
# Cannot be used if value is not empty.
valueFrom:
# (secretKeyRef <Object>): Selects a key of a secret in the pod's
# namespace
secretKeyRef:
# (key <string> -required-): The key of the secret to select from.
# Must be a valid secret key.
key:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the Secret or it's key
# must be defined
optional:
# (configMapKeyRef <Object>): Selects a key of a ConfigMap.
configMapKeyRef:
# (key <string> -required-): The key to select.
key:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the ConfigMap or it's key
# must be defined
optional:
# (fieldRef <Object>): Selects a field of the pod: supports
# metadata.name, metadata.namespace, metadata.labels,
# metadata.annotations, spec.nodeName, spec.serviceAccountName,
# status.podIP.
fieldRef:
# (apiVersion <string>): Version of the schema the FieldPath is
# written in terms of, defaults to "v1".
apiVersion:
# (fieldPath <string> -required-): Path of the field to select in
# the specified API version.
fieldPath:
# (resourceFieldRef <Object>): Selects a resource of the container:
# only resources limits and requests (limits.cpu, limits.memory,
# requests.cpu and requests.memory) are currently supported.
resourceFieldRef:
# (containerName <string>): Container name: required for volumes,
# optional for env vars
containerName:
# (divisor <string>): Specifies the output format of the exposed
# resources, defaults to "1"
divisor:
# (resource <string> -required-): Required: resource to select
resource:
# (envFrom <[]Object>): List of sources to populate environment
# variables in the container. The keys defined within a source must be a
# C_IDENTIFIER. All invalid keys will be reported as an event when the
# container is starting. When a key exists in multiple sources, the value
# associated with the last source will take precedence. Values defined by
# an Env with a duplicate key will take precedence. Cannot be updated.
envFrom:
# (configMapRef <Object>): The ConfigMap to select from
configMapRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the ConfigMap must be
# defined
optional:
# (prefix <string>): An optional identifer to prepend to each key in
# the ConfigMap. Must be a C_IDENTIFIER.
prefix:
# (secretRef <Object>): The Secret to select from
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the Secret must be defined
optional:
# (lifecycle <Object>): Actions that the management system should take
# in response to container lifecycle events. Cannot be updated.
lifecycle:
# (postStart <Object>): PostStart is called immediately after a
# container is created. If the handler fails, the container is
# terminated and restarted according to its restart policy. Other
# management of the container blocks until the hook completes. More
# info:
# http://kubernetes.io/docs/user-guide/container-environment#hook-details
postStart:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod
# IP. You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (tcpSocket <Object>): TCPSocket specifies an action involving a
# TCP port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (preStop <Object>): PreStop is called immediately before a container
# is terminated. The container is terminated after the handler
# completes. The reason for termination is passed to the handler.
# Regardless of the outcome of the handler, the container is eventually
# terminated. Other management of the container blocks until the hook
# completes. More info:
# http://kubernetes.io/docs/user-guide/container-environment#hook-details
preStop:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod
# IP. You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (tcpSocket <Object>): TCPSocket specifies an action involving a
# TCP port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name
# must be an IANA_SVC_NAME.
port:
# (ports <[]Object>): List of ports to expose from the container.
# Exposing a port here gives the system additional information about the
# network connections a container uses, but is primarily informational.
# Not specifying a port here DOES NOT prevent that port from being
# exposed. Any port which is listening on the default "0.0.0.0" address
# inside a container will be accessible from the network. Cannot be
# updated.
ports:
# (containerPort <integer> -required-): Number of port to expose on
# the pod's IP address. This must be a valid port number, 0 < x <
# 65536.
containerPort:
# (hostIP <string>): What host IP to bind the external port to.
hostIP:
# (hostPort <integer>): Number of port to expose on the host. If
# specified, this must be a valid port number, 0 < x < 65536. If
# HostNetwork is specified, this must match ContainerPort. Most
# containers do not need this.
hostPort:
# (name <string>): If specified, this must be an IANA_SVC_NAME and
# unique within the pod. Each named port in a pod must have a unique
# name. Name for the port that can be referred to by services.
name:
# (protocol <string>): Protocol for port. Must be UDP or TCP. Defaults
# to "TCP".
protocol:
# (terminationMessagePath <string>): Optional: Path at which the file to
# which the container's termination message will be written is mounted
# into the container's filesystem. Message written is intended to be
# brief final status, such as an assertion failure message. Will be
# truncated by the node if greater than 4096 bytes. The total message
# length across all containers will be limited to 12kb. Defaults to
# /dev/termination-log. Cannot be updated.
terminationMessagePath:
# (image <string>): Docker image name. More info:
# http://kubernetes.io/docs/user-guide/images
image:
# (name <string> -required-): Name of the container specified as a
# DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL).
# Cannot be updated.
name:
# (readinessProbe <Object>): Periodic probe of container service
# readiness. Container will be removed from service endpoints if the
# probe fails. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
readinessProbe:
# (tcpSocket <Object>): TCPSocket specifies an action involving a TCP
# port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (timeoutSeconds <integer>): Number of seconds after which the probe
# times out. Defaults to 1 second. Minimum value is 1. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
timeoutSeconds:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (failureThreshold <integer>): Minimum consecutive failures for the
# probe to be considered failed after having succeeded. Defaults to 3.
# Minimum value is 1.
failureThreshold:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod IP.
# You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (initialDelaySeconds <integer>): Number of seconds after the
# container has started before liveness probes are initiated. More
# info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
initialDelaySeconds:
# (periodSeconds <integer>): How often (in seconds) to perform the
# probe. Default to 10 seconds. Minimum value is 1.
periodSeconds:
# (successThreshold <integer>): Minimum consecutive successes for the
# probe to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness. Minimum value is 1.
successThreshold:
# (resources <Object>): Compute Resources required by this container.
# Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/persistent-volumes#resources
resources:
# (limits <object>): Limits describes the maximum amount of compute
# resources allowed. More info:
# http://kubernetes.io/docs/user-guide/compute-resources/
limits:
# (requests <object>): Requests describes the minimum amount of
# compute resources required. If Requests is omitted for a container,
# it defaults to Limits if that is explicitly specified, otherwise to
# an implementation-defined value. More info:
# http://kubernetes.io/docs/user-guide/compute-resources/
requests:
# (securityContext <Object>): Security options the pod should run with.
# More info: http://releases.k8s.io/HEAD/docs/design/security_context.md
securityContext:
# (runAsUser <integer>): The UID to run the entrypoint of the
# container process. Defaults to user specified in image metadata if
# unspecified. May also be set in PodSecurityContext. If set in both
# SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
runAsUser:
# (seLinuxOptions <Object>): The SELinux context to be applied to the
# container. If unspecified, the container runtime will allocate a
# random SELinux context for each container. May also be set in
# PodSecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes
# precedence.
seLinuxOptions:
# (role <string>): Role is a SELinux role label that applies to the
# container.
role:
# (type <string>): Type is a SELinux type label that applies to the
# container.
type:
# (user <string>): User is a SELinux user label that applies to the
# container.
user:
# (level <string>): Level is SELinux level label that applies to the
# container.
level:
# (capabilities <Object>): The capabilities to add/drop when running
# containers. Defaults to the default set of capabilities granted by
# the container runtime.
capabilities:
# (add <[]Object>): Added capabilities
add:
# (drop <[]Object>): Removed capabilities
drop:
# (privileged <boolean>): Run container in privileged mode. Processes
# in privileged containers are essentially equivalent to root on the
# host. Defaults to false.
privileged:
# (readOnlyRootFilesystem <boolean>): Whether this container has a
# read-only root filesystem. Default is false.
readOnlyRootFilesystem:
# (runAsNonRoot <boolean>): Indicates that the container must run as a
# non-root user. If true, the Kubelet will validate the image at
# runtime to ensure that it does not run as UID 0 (root) and fail to
# start the container if it does. If unset or false, no such validation
# will be performed. May also be set in PodSecurityContext. If set in
# both SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
runAsNonRoot:
# (stdinOnce <boolean>): Whether the container runtime should close the
# stdin channel after it has been opened by a single attach. When stdin
# is true the stdin stream will remain open across multiple attach
# sessions. If stdinOnce is set to true, stdin is opened on container
# start, is empty until the first client attaches to stdin, and then
# remains open and accepts data until the client disconnects, at which
# time stdin is closed and remains closed until the container is
# restarted. If this flag is false, a container processes that reads from
# stdin will never receive an EOF. Default is false
stdinOnce:
# (livenessProbe <Object>): Periodic probe of container liveness.
# Container will be restarted if the probe fails. Cannot be updated. More
# info: http://kubernetes.io/docs/user-guide/pod-states#container-probes
livenessProbe:
# (tcpSocket <Object>): TCPSocket specifies an action involving a TCP
# port. TCP hooks not yet supported
tcpSocket:
# (port <string> -required-): Number or name of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (timeoutSeconds <integer>): Number of seconds after which the probe
# times out. Defaults to 1 second. Minimum value is 1. More info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
timeoutSeconds:
# (exec <Object>): One and only one of the following should be
# specified. Exec specifies the action to take.
exec:
# (command <[]string>): Command is the command line to execute
# inside the container, the working directory for the command is
# root ('/') in the container's filesystem. The command is simply
# exec'd, it is not run inside a shell, so traditional shell
# instructions ('|', etc) won't work. To use a shell, you need to
# explicitly call out to that shell. Exit status of 0 is treated as
# live/healthy and non-zero is unhealthy.
command:
# (failureThreshold <integer>): Minimum consecutive failures for the
# probe to be considered failed after having succeeded. Defaults to 3.
# Minimum value is 1.
failureThreshold:
# (httpGet <Object>): HTTPGet specifies the http request to perform.
httpGet:
# (port <string> -required-): Name or number of the port to access
# on the container. Number must be in the range 1 to 65535. Name must
# be an IANA_SVC_NAME.
port:
# (scheme <string>): Scheme to use for connecting to the host.
# Defaults to HTTP.
scheme:
# (host <string>): Host name to connect to, defaults to the pod IP.
# You probably want to set "Host" in httpHeaders instead.
host:
# (httpHeaders <[]Object>): Custom headers to set in the request.
# HTTP allows repeated headers.
httpHeaders:
# (name <string> -required-): The header field name
name:
# (value <string> -required-): The header field value
value:
# (path <string>): Path to access on the HTTP server.
path:
# (initialDelaySeconds <integer>): Number of seconds after the
# container has started before liveness probes are initiated. More
# info:
# http://kubernetes.io/docs/user-guide/pod-states#container-probes
initialDelaySeconds:
# (periodSeconds <integer>): How often (in seconds) to perform the
# probe. Default to 10 seconds. Minimum value is 1.
periodSeconds:
# (successThreshold <integer>): Minimum consecutive successes for the
# probe to be considered successful after having failed. Defaults to 1.
# Must be 1 for liveness. Minimum value is 1.
successThreshold:
# (stdin <boolean>): Whether this container should allocate a buffer for
# stdin in the container runtime. If this is not set, reads from stdin in
# the container will always result in EOF. Default is false.
stdin:
# (terminationMessagePolicy <string>): Indicate how the termination
# message should be populated. File will use the contents of
# terminationMessagePath to populate the container status message on both
# success and failure. FallbackToLogsOnError will use the last chunk of
# container log output if the termination message file is empty and the
# container exited with an error. The log output is limited to 2048 bytes
# or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
terminationMessagePolicy:
# (volumeMounts <[]Object>): Pod volumes to mount into the container's
# filesystem. Cannot be updated.
volumeMounts:
# (mountPath <string> -required-): Path within the container at which
# the volume should be mounted. Must not contain ':'.
mountPath:
# (name <string> -required-): This must match the Name of a Volume.
name:
# (readOnly <boolean>): Mounted read-only if true, read-write
# otherwise (false or unspecified). Defaults to false.
readOnly:
# (subPath <string>): Path within the volume from which the
# container's volume should be mounted. Defaults to "" (volume's root).
subPath:
# (args <[]string>): Arguments to the entrypoint. The docker image's CMD
# is used if this is not provided. Variable references $(VAR_NAME) are
# expanded using the container's environment. If a variable cannot be
# resolved, the reference in the input string will be unchanged. The
# $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
# Escaped references will never be expanded, regardless of whether the
# variable exists or not. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/containers#containers-and-commands
args:
# (imagePullPolicy <string>): Image pull policy. One of Always, Never,
# IfNotPresent. Defaults to Always if :latest tag is specified, or
# IfNotPresent otherwise. Cannot be updated. More info:
# http://kubernetes.io/docs/user-guide/images#updating-images
imagePullPolicy:
# (workingDir <string>): Container's working directory. If not
# specified, the container runtime's default will be used, which might be
# configured in the container image. Cannot be updated.
workingDir:
# (nodeName <string>): NodeName is a request to schedule this pod onto a
# specific node. If it is non-empty, the scheduler simply schedules this
# pod onto that node, assuming that it fits resource requirements.
nodeName:
# (nodeSelector <object>): NodeSelector is a selector which must be true
# for the pod to fit on a node. Selector which must match a node's labels
# for the pod to be scheduled on that node. More info:
# http://kubernetes.io/docs/user-guide/node-selection/README
nodeSelector:
# (schedulerName <string>): If specified, the pod will be dispatched by
# specified scheduler. If not specified, the pod will be dispatched by
# default scheduler.
schedulerName:
# (subdomain <string>): If specified, the fully qualified Pod hostname
# will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If
# not specified, the pod will not have a domainname at all.
subdomain:
# (tolerations <[]Object>): If specified, the pod's tolerations.
tolerations:
# (effect <string>): Effect indicates the taint effect to match. Empty
# means match all taint effects. When specified, allowed values are
# NoSchedule, PreferNoSchedule and NoExecute.
effect:
# (key <string>): Key is the taint key that the toleration applies to.
# Empty means match all taint keys. If the key is empty, operator must be
# Exists; this combination means to match all values and all keys.
key:
# (operator <string>): Operator represents a key's relationship to the
# value. Valid operators are Exists and Equal. Defaults to Equal. Exists
# is equivalent to wildcard for value, so that a pod can tolerate all
# taints of a particular category.
operator:
# (tolerationSeconds <integer>): TolerationSeconds represents the period
# of time the toleration (which must be of effect NoExecute, otherwise
# this field is ignored) tolerates the taint. By default, it is not set,
# which means tolerate the taint forever (do not evict). Zero and
# negative values will be treated as 0 (evict immediately) by the system.
tolerationSeconds:
# (value <string>): Value is the taint value the toleration matches to.
# If the operator is Exists, the value should be empty, otherwise just a
# regular string.
value:
# (affinity <Object>): If specified, the pod's scheduling constraints
affinity:
# (podAffinity <Object>): Describes pod affinity scheduling rules (e.g.
# co-locate this pod in the same node, zone, etc. as some other pod(s)).
podAffinity:
# (preferredDuringSchedulingIgnoredDuringExecution <[]Object>): The
# scheduler will prefer to schedule pods to nodes that satisfy the
# affinity expressions specified by this field, but it may choose a
# node that violates one or more of the expressions. The node that is
# most preferred is the one with the greatest sum of weights, i.e. for
# each node that meets all of the scheduling requirements (resource
# request, requiredDuringScheduling affinity expressions, etc.),
# compute a sum by iterating through the elements of this field and
# adding "weight" to the sum if the node has pods which matches the
# corresponding podAffinityTerm; the node(s) with the highest sum are
# the most preferred.
preferredDuringSchedulingIgnoredDuringExecution:
# (podAffinityTerm <Object> -required-): Required. A pod affinity
# term, associated with the corresponding weight.
podAffinityTerm:
# (labelSelector <Object>): A label query over a set of resources,
# in this case pods.
labelSelector:
# (matchExpressions <[]Object>): matchExpressions is a list of
# label selector requirements. The requirements are ANDed.
matchExpressions:
# (key <string> -required-): key is the label key that the
# selector applies to.
key:
# (operator <string> -required-): operator represents a key's
# relationship to a set of values. Valid operators ard In,
# NotIn, Exists and DoesNotExist.
operator:
# (values <[]string>): values is an array of string values. If
# the operator is In or NotIn, the values array must be
# non-empty. If the operator is Exists or DoesNotExist, the
# values array must be empty. This array is replaced during a
# strategic merge patch.
values:
# (matchLabels <object>): matchLabels is a map of {key,value}
# pairs. A single {key,value} in the matchLabels map is
# equivalent to an element of matchExpressions, whose key field
# is "key", the operator is "In", and the values array contains
# only "value". The requirements are ANDed.
matchLabels:
# (namespaces <[]string>): namespaces specifies which namespaces
# the labelSelector applies to (matches against); null or empty
# list means "this pod's namespace"
namespaces:
# (topologyKey <string>): This pod should be co-located (affinity)
# or not co-located (anti-affinity) with the pods matching the
# labelSelector in the specified namespaces, where co-located is
# defined as running on a node whose value of the label with key
# topologyKey matches that of any node on which any of the selected
# pods is running. For PreferredDuringScheduling pod anti-affinity,
# empty topologyKey is interpreted as "all topologies" ("all
# topologies" here means all the topologyKeys indicated by
# scheduler command-line argument --failure-domains); for affinity
# and for RequiredDuringScheduling pod anti-affinity, empty
# topologyKey is not allowed.
topologyKey:
# (weight <integer> -required-): weight associated with matching the
# corresponding podAffinityTerm, in the range 1-100.
weight:
# (requiredDuringSchedulingIgnoredDuringExecution <[]Object>): NOT YET
# IMPLEMENTED. TODO: Uncomment field once it is implemented. If the
# affinity requirements specified by this field are not met at
# scheduling time, the pod will not be scheduled onto the node. If the
# affinity requirements specified by this field cease to be met at some
# point during pod execution (e.g. due to a pod label update), the
# system will try to eventually evict the pod from its node. When there
# are multiple elements, the lists of nodes corresponding to each
# podAffinityTerm are intersected, i.e. all terms must be satisfied.
# RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm
# `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` If
# the affinity requirements specified by this field are not met at
# scheduling time, the pod will not be scheduled onto the node. If the
# affinity requirements specified by this field cease to be met at some
# point during pod execution (e.g. due to a pod label update), the
# system may or may not try to eventually evict the pod from its node.
# When there are multiple elements, the lists of nodes corresponding to
# each podAffinityTerm are intersected, i.e. all terms must be
# satisfied.
requiredDuringSchedulingIgnoredDuringExecution:
# (labelSelector <Object>): A label query over a set of resources,
# in this case pods.
labelSelector:
# (matchExpressions <[]Object>): matchExpressions is a list of
# label selector requirements. The requirements are ANDed.
matchExpressions:
# (key <string> -required-): key is the label key that the
# selector applies to.
key:
# (operator <string> -required-): operator represents a key's
# relationship to a set of values. Valid operators ard In, NotIn,
# Exists and DoesNotExist.
operator:
# (values <[]string>): values is an array of string values. If
# the operator is In or NotIn, the values array must be
# non-empty. If the operator is Exists or DoesNotExist, the
# values array must be empty. This array is replaced during a
# strategic merge patch.
values:
# (matchLabels <object>): matchLabels is a map of {key,value}
# pairs. A single {key,value} in the matchLabels map is equivalent
# to an element of matchExpressions, whose key field is "key", the
# operator is "In", and the values array contains only "value". The
# requirements are ANDed.
matchLabels:
# (namespaces <[]string>): namespaces specifies which namespaces the
# labelSelector applies to (matches against); null or empty list
# means "this pod's namespace"
namespaces:
# (topologyKey <string>): This pod should be co-located (affinity)
# or not co-located (anti-affinity) with the pods matching the
# labelSelector in the specified namespaces, where co-located is
# defined as running on a node whose value of the label with key
# topologyKey matches that of any node on which any of the selected
# pods is running. For PreferredDuringScheduling pod anti-affinity,
# empty topologyKey is interpreted as "all topologies" ("all
# topologies" here means all the topologyKeys indicated by scheduler
# command-line argument --failure-domains); for affinity and for
# RequiredDuringScheduling pod anti-affinity, empty topologyKey is
# not allowed.
topologyKey:
# (podAntiAffinity <Object>): Describes pod anti-affinity scheduling
# rules (e.g. avoid putting this pod in the same node, zone, etc. as some
# other pod(s)).
podAntiAffinity:
# (preferredDuringSchedulingIgnoredDuringExecution <[]Object>): The
# scheduler will prefer to schedule pods to nodes that satisfy the
# anti-affinity expressions specified by this field, but it may choose
# a node that violates one or more of the expressions. The node that is
# most preferred is the one with the greatest sum of weights, i.e. for
# each node that meets all of the scheduling requirements (resource
# request, requiredDuringScheduling anti-affinity expressions, etc.),
# compute a sum by iterating through the elements of this field and
# adding "weight" to the sum if the node has pods which matches the
# corresponding podAffinityTerm; the node(s) with the highest sum are
# the most preferred.
preferredDuringSchedulingIgnoredDuringExecution:
# (podAffinityTerm <Object> -required-): Required. A pod affinity
# term, associated with the corresponding weight.
podAffinityTerm:
# (labelSelector <Object>): A label query over a set of resources,
# in this case pods.
labelSelector:
# (matchExpressions <[]Object>): matchExpressions is a list of
# label selector requirements. The requirements are ANDed.
matchExpressions:
# (key <string> -required-): key is the label key that the
# selector applies to.
key:
# (operator <string> -required-): operator represents a key's
# relationship to a set of values. Valid operators ard In,
# NotIn, Exists and DoesNotExist.
operator:
# (values <[]string>): values is an array of string values. If
# the operator is In or NotIn, the values array must be
# non-empty. If the operator is Exists or DoesNotExist, the
# values array must be empty. This array is replaced during a
# strategic merge patch.
values:
# (matchLabels <object>): matchLabels is a map of {key,value}
# pairs. A single {key,value} in the matchLabels map is
# equivalent to an element of matchExpressions, whose key field
# is "key", the operator is "In", and the values array contains
# only "value". The requirements are ANDed.
matchLabels:
# (namespaces <[]string>): namespaces specifies which namespaces
# the labelSelector applies to (matches against); null or empty
# list means "this pod's namespace"
namespaces:
# (topologyKey <string>): This pod should be co-located (affinity)
# or not co-located (anti-affinity) with the pods matching the
# labelSelector in the specified namespaces, where co-located is
# defined as running on a node whose value of the label with key
# topologyKey matches that of any node on which any of the selected
# pods is running. For PreferredDuringScheduling pod anti-affinity,
# empty topologyKey is interpreted as "all topologies" ("all
# topologies" here means all the topologyKeys indicated by
# scheduler command-line argument --failure-domains); for affinity
# and for RequiredDuringScheduling pod anti-affinity, empty
# topologyKey is not allowed.
topologyKey:
# (weight <integer> -required-): weight associated with matching the
# corresponding podAffinityTerm, in the range 1-100.
weight:
# (requiredDuringSchedulingIgnoredDuringExecution <[]Object>): NOT YET
# IMPLEMENTED. TODO: Uncomment field once it is implemented. If the
# anti-affinity requirements specified by this field are not met at
# scheduling time, the pod will not be scheduled onto the node. If the
# anti-affinity requirements specified by this field cease to be met at
# some point during pod execution (e.g. due to a pod label update), the
# system will try to eventually evict the pod from its node. When there
# are multiple elements, the lists of nodes corresponding to each
# podAffinityTerm are intersected, i.e. all terms must be satisfied.
# RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm
# `json:"requiredDuringSchedulingRequiredDuringExecution,omitempty"` If
# the anti-affinity requirements specified by this field are not met at
# scheduling time, the pod will not be scheduled onto the node. If the
# anti-affinity requirements specified by this field cease to be met at
# some point during pod execution (e.g. due to a pod label update), the
# system may or may not try to eventually evict the pod from its node.
# When there are multiple elements, the lists of nodes corresponding to
# each podAffinityTerm are intersected, i.e. all terms must be
# satisfied.
requiredDuringSchedulingIgnoredDuringExecution:
# (labelSelector <Object>): A label query over a set of resources,
# in this case pods.
labelSelector:
# (matchExpressions <[]Object>): matchExpressions is a list of
# label selector requirements. The requirements are ANDed.
matchExpressions:
# (key <string> -required-): key is the label key that the
# selector applies to.
key:
# (operator <string> -required-): operator represents a key's
# relationship to a set of values. Valid operators ard In, NotIn,
# Exists and DoesNotExist.
operator:
# (values <[]string>): values is an array of string values. If
# the operator is In or NotIn, the values array must be
# non-empty. If the operator is Exists or DoesNotExist, the
# values array must be empty. This array is replaced during a
# strategic merge patch.
values:
# (matchLabels <object>): matchLabels is a map of {key,value}
# pairs. A single {key,value} in the matchLabels map is equivalent
# to an element of matchExpressions, whose key field is "key", the
# operator is "In", and the values array contains only "value". The
# requirements are ANDed.
matchLabels:
# (namespaces <[]string>): namespaces specifies which namespaces the
# labelSelector applies to (matches against); null or empty list
# means "this pod's namespace"
namespaces:
# (topologyKey <string>): This pod should be co-located (affinity)
# or not co-located (anti-affinity) with the pods matching the
# labelSelector in the specified namespaces, where co-located is
# defined as running on a node whose value of the label with key
# topologyKey matches that of any node on which any of the selected
# pods is running. For PreferredDuringScheduling pod anti-affinity,
# empty topologyKey is interpreted as "all topologies" ("all
# topologies" here means all the topologyKeys indicated by scheduler
# command-line argument --failure-domains); for affinity and for
# RequiredDuringScheduling pod anti-affinity, empty topologyKey is
# not allowed.
topologyKey:
# (nodeAffinity <Object>): Describes node affinity scheduling rules for
# the pod.
nodeAffinity:
# (preferredDuringSchedulingIgnoredDuringExecution <[]Object>): The
# scheduler will prefer to schedule pods to nodes that satisfy the
# affinity expressions specified by this field, but it may choose a
# node that violates one or more of the expressions. The node that is
# most preferred is the one with the greatest sum of weights, i.e. for
# each node that meets all of the scheduling requirements (resource
# request, requiredDuringScheduling affinity expressions, etc.),
# compute a sum by iterating through the elements of this field and
# adding "weight" to the sum if the node matches the corresponding
# matchExpressions; the node(s) with the highest sum are the most
# preferred.
preferredDuringSchedulingIgnoredDuringExecution:
# (preference <Object> -required-): A node selector term, associated
# with the corresponding weight.
preference:
# (matchExpressions <[]Object> -required-): Required. A list of
# node selector requirements. The requirements are ANDed.
matchExpressions:
# (values <[]string>): An array of string values. If the
# operator is In or NotIn, the values array must be non-empty. If
# the operator is Exists or DoesNotExist, the values array must
# be empty. If the operator is Gt or Lt, the values array must
# have a single element, which will be interpreted as an integer.
# This array is replaced during a strategic merge patch.
values:
# (key <string> -required-): The label key that the selector
# applies to.
key:
# (operator <string> -required-): Represents a key's
# relationship to a set of values. Valid operators are In, NotIn,
# Exists, DoesNotExist. Gt, and Lt.
operator:
# (weight <integer> -required-): Weight associated with matching the
# corresponding nodeSelectorTerm, in the range 1-100.
weight:
# (requiredDuringSchedulingIgnoredDuringExecution <Object>): If the
# affinity requirements specified by this field are not met at
# scheduling time, the pod will not be scheduled onto the node. If the
# affinity requirements specified by this field cease to be met at some
# point during pod execution (e.g. due to an update), the system may or
# may not try to eventually evict the pod from its node.
requiredDuringSchedulingIgnoredDuringExecution:
# (nodeSelectorTerms <[]Object> -required-): Required. A list of
# node selector terms. The terms are ORed.
nodeSelectorTerms:
# (matchExpressions <[]Object> -required-): Required. A list of
# node selector requirements. The requirements are ANDed.
matchExpressions:
# (values <[]string>): An array of string values. If the
# operator is In or NotIn, the values array must be non-empty. If
# the operator is Exists or DoesNotExist, the values array must
# be empty. If the operator is Gt or Lt, the values array must
# have a single element, which will be interpreted as an integer.
# This array is replaced during a strategic merge patch.
values:
# (key <string> -required-): The label key that the selector
# applies to.
key:
# (operator <string> -required-): Represents a key's
# relationship to a set of values. Valid operators are In, NotIn,
# Exists, DoesNotExist. Gt, and Lt.
operator:
# (automountServiceAccountToken <boolean>): AutomountServiceAccountToken
# indicates whether a service account token should be automatically
# mounted.
automountServiceAccountToken:
# (hostIPC <boolean>): Use the host's ipc namespace. Optional: Default to
# false.
hostIPC:
# (hostname <string>): Specifies the hostname of the Pod If not specified,
# the pod's hostname will be set to a system-defined value.
hostname:
# (imagePullSecrets <[]Object>): ImagePullSecrets is an optional list of
# references to secrets in the same namespace to use for pulling any of the
# images used by this PodSpec. If specified, these secrets will be passed
# to individual puller implementations for them to use. For example, in the
# case of docker, only DockerConfig type secrets are honored. More info:
# http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
imagePullSecrets:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (securityContext <Object>): SecurityContext holds pod-level security
# attributes and common container settings. Optional: Defaults to empty.
# See type description for default values of each field.
securityContext:
# (seLinuxOptions <Object>): The SELinux context to be applied to all
# containers. If unspecified, the container runtime will allocate a
# random SELinux context for each container. May also be set in
# SecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes
# precedence for that container.
seLinuxOptions:
# (role <string>): Role is a SELinux role label that applies to the
# container.
role:
# (type <string>): Type is a SELinux type label that applies to the
# container.
type:
# (user <string>): User is a SELinux user label that applies to the
# container.
user:
# (level <string>): Level is SELinux level label that applies to the
# container.
level:
# (supplementalGroups <[]integer>): A list of groups applied to the
# first process run in each container, in addition to the container's
# primary GID. If unspecified, no groups will be added to any container.
supplementalGroups:
# (fsGroup <integer>): A special supplemental group that applies to all
# containers in a pod. Some volume types allow the Kubelet to change the
# ownership of that volume to be owned by the pod: 1. The owning GID
# will be the FSGroup 2. The setgid bit is set (new files created in the
# volume will be owned by FSGroup) 3. The permission bits are OR'd with
# rw-rw
fsGroup:
# (runAsNonRoot <boolean>): Indicates that the container must run as a
# non-root user. If true, the Kubelet will validate the image at runtime
# to ensure that it does not run as UID 0 (root) and fail to start the
# container if it does. If unset or false, no such validation will be
# performed. May also be set in SecurityContext. If set in both
# SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
runAsNonRoot:
# (runAsUser <integer>): The UID to run the entrypoint of the container
# process. Defaults to user specified in image metadata if unspecified.
# May also be set in SecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes
# precedence for that container.
runAsUser:
# (serviceAccountName <string>): ServiceAccountName is the name of the
# ServiceAccount to use to run this pod. More info:
# http://releases.k8s.io/HEAD/docs/design/service_accounts.md
serviceAccountName:
# (activeDeadlineSeconds <integer>): Optional duration in seconds the pod
# may be active on the node relative to StartTime before the system will
# actively try to mark it failed and kill associated containers. Value must
# be a positive integer.
activeDeadlineSeconds:
# (dnsPolicy <string>): Set DNS policy for containers within the pod. One
# of 'ClusterFirstWithHostNet', 'ClusterFirst' or 'Default'. Defaults to
# "ClusterFirst". To have DNS options set along with hostNetwork, you have
# to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
dnsPolicy:
# (restartPolicy <string>): Restart policy for all containers within the
# pod. One of Always, OnFailure, Never. Default to Always. More info:
# http://kubernetes.io/docs/user-guide/pod-states#restartpolicy
restartPolicy:
# (serviceAccount <string>): DeprecatedServiceAccount is a depreciated
# alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
serviceAccount:
# (volumes <[]Object>): List of volumes that can be mounted by containers
# belonging to the pod. More info:
# http://kubernetes.io/docs/user-guide/volumes
volumes:
# (iscsi <Object>): ISCSI represents an ISCSI Disk resource that is
# attached to a kubelet's host machine and then exposed to the pod. More
# info: http://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md
iscsi:
# (fsType <string>): Filesystem type of the volume that you want to
# mount. Tip: Ensure that the filesystem type is supported by the host
# operating system. Examples: "ext4", "xfs", "ntfs". Implicitly
# inferred to be "ext4" if unspecified. More info:
# http://kubernetes.io/docs/user-guide/volumes#iscsi
fsType:
# (iqn <string> -required-): Target iSCSI Qualified Name.
iqn:
# (iscsiInterface <string>): Optional: Defaults to 'default' (tcp).
# iSCSI interface name that uses an iSCSI transport.
iscsiInterface:
# (lun <integer> -required-): iSCSI target lun number.
lun:
# (portals <[]string>): iSCSI target portal List. The portal is either
# an IP or ip_addr:port if the port is other than default (typically
# TCP ports 860 and 3260).
portals:
# (readOnly <boolean>): ReadOnly here will force the ReadOnly setting
# in VolumeMounts. Defaults to false.
readOnly:
# (targetPortal <string> -required-): iSCSI target portal. The portal
# is either an IP or ip_addr:port if the port is other than default
# (typically TCP ports 860 and 3260).
targetPortal:
# (name <string> -required-): Volume's name. Must be a DNS_LABEL and
# unique within the pod. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (quobyte <Object>): Quobyte represents a Quobyte mount on the host
# that shares a pod's lifetime
quobyte:
# (registry <string> -required-): Registry represents a single or
# multiple Quobyte Registry services specified as a string as host:port
# pair (multiple entries are separated with commas) which acts as the
# central registry for volumes
registry:
# (user <string>): User to map volume access to Defaults to
# serivceaccount user
user:
# (volume <string> -required-): Volume is a string that references an
# already created Quobyte volume by name.
volume:
# (group <string>): Group to map volume access to Default is no group
group:
# (readOnly <boolean>): ReadOnly here will force the Quobyte volume to
# be mounted with read-only permissions. Defaults to false.
readOnly:
# (flocker <Object>): Flocker represents a Flocker volume attached to a
# kubelet's host machine. This depends on the Flocker control service
# being running
flocker:
# (datasetName <string>): Name of the dataset stored as metadata ->
# name on the dataset for Flocker should be considered as deprecated
datasetName:
# (datasetUUID <string>): UUID of the dataset. This is unique
# identifier of a Flocker dataset
datasetUUID:
# (hostPath <Object>): HostPath represents a pre-existing file or
# directory on the host machine that is directly exposed to the
# container. This is generally used for system agents or other privileged
# things that are allowed to see the host machine. Most containers will
# NOT need this. More info:
# http://kubernetes.io/docs/user-guide/volumes#hostpath
hostPath:
# (path <string> -required-): Path of the directory on the host. More
# info: http://kubernetes.io/docs/user-guide/volumes#hostpath
path:
# (secret <Object>): Secret represents a secret that should populate
# this volume. More info:
# http://kubernetes.io/docs/user-guide/volumes#secrets
secret:
# (optional <boolean>): Specify whether the Secret or it's keys must
# be defined
optional:
# (secretName <string>): Name of the secret in the pod's namespace to
# use. More info: http://kubernetes.io/docs/user-guide/volumes#secrets
secretName:
# (defaultMode <integer>): Optional: mode bits to use on created files
# by default. Must be a value between 0 and 0777. Defaults to 0644.
# Directories within the path are not affected by this setting. This
# might be in conflict with other options that affect the file mode,
# like fsGroup, and the result can be other mode bits set.
defaultMode:
# (items <[]Object>): If unspecified, each key-value pair in the Data
# field of the referenced Secret will be projected into the volume as a
# file whose name is the key and content is the value. If specified,
# the listed keys will be projected into the specified paths, and
# unlisted keys will not be present. If a key is specified which is not
# present in the Secret, the volume setup will error unless it is
# marked optional. Paths must be relative and may not contain the '..'
# path or start with '..'.
items:
# (key <string> -required-): The key to project.
key:
# (mode <integer>): Optional: mode bits to use on this file, must be
# a value between 0 and 0777. If not specified, the volume
# defaultMode will be used. This might be in conflict with other
# options that affect the file mode, like fsGroup, and the result can
# be other mode bits set.
mode:
# (path <string> -required-): The relative path of the file to map
# the key to. May not be an absolute path. May not contain the path
# element '..'. May not start with the string '..'.
path:
# (cephfs <Object>): CephFS represents a Ceph FS mount on the host that
# shares a pod's lifetime
cephfs:
# (secretFile <string>): Optional: SecretFile is the path to key ring
# for User, default is /etc/ceph/user.secret More info:
# http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretFile:
# (secretRef <Object>): Optional: SecretRef is reference to the
# authentication secret for User, default is empty. More info:
# http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (user <string>): Optional: User is the rados user name, default is
# admin More info:
# http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
user:
# (monitors <[]string> -required-): Required: Monitors is a collection
# of Ceph monitors More info:
# http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
monitors:
# (path <string>): Optional: Used as the mounted root, rather than the
# full Ceph tree, default is /
path:
# (readOnly <boolean>): Optional: Defaults to false (read/write).
# ReadOnly here will force the ReadOnly setting in VolumeMounts. More
# info:
# http://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it
readOnly:
# (gcePersistentDisk <Object>): GCEPersistentDisk represents a GCE Disk
# resource that is attached to a kubelet's host machine and then exposed
# to the pod. More info:
# http://kubernetes.io/docs/user-guide/volumes#gcepersistentdisk
gcePersistentDisk:
# (partition <integer>): The partition in the volume that you want to
# mount. If omitted, the default is to mount by volume name. Examples:
# For volume /dev/sda1, you specify the partition as "1". Similarly,
# the volume partition for /dev/sda is "0" (or you can leave the
# property empty). More info:
# http://kubernetes.io/docs/user-guide/volumes#gcepersistentdisk
partition:
# (pdName <string> -required-): Unique name of the PD resource in GCE.
# Used to identify the disk in GCE. More info:
# http://kubernetes.io/docs/user-guide/volumes#gcepersistentdisk
pdName:
# (readOnly <boolean>): ReadOnly here will force the ReadOnly setting
# in VolumeMounts. Defaults to false. More info:
# http://kubernetes.io/docs/user-guide/volumes#gcepersistentdisk
readOnly:
# (fsType <string>): Filesystem type of the volume that you want to
# mount. Tip: Ensure that the filesystem type is supported by the host
# operating system. Examples: "ext4", "xfs", "ntfs". Implicitly
# inferred to be "ext4" if unspecified. More info:
# http://kubernetes.io/docs/user-guide/volumes#gcepersistentdisk
fsType:
# (nfs <Object>): NFS represents an NFS mount on the host that shares a
# pod's lifetime More info:
# http://kubernetes.io/docs/user-guide/volumes#nfs
nfs:
# (path <string> -required-): Path that is exported by the NFS server.
# More info: http://kubernetes.io/docs/user-guide/volumes#nfs
path:
# (readOnly <boolean>): ReadOnly here will force the NFS export to be
# mounted with read-only permissions. Defaults to false. More info:
# http://kubernetes.io/docs/user-guide/volumes#nfs
readOnly:
# (server <string> -required-): Server is the hostname or IP address
# of the NFS server. More info:
# http://kubernetes.io/docs/user-guide/volumes#nfs
server:
# (persistentVolumeClaim <Object>): PersistentVolumeClaimVolumeSource
# represents a reference to a PersistentVolumeClaim in the same
# namespace. More info:
# http://kubernetes.io/docs/user-guide/persistent-volumes#persistentvolumeclaims
persistentVolumeClaim:
# (claimName <string> -required-): ClaimName is the name of a
# PersistentVolumeClaim in the same namespace as the pod using this
# volume. More info:
# http://kubernetes.io/docs/user-guide/persistent-volumes#persistentvolumeclaims
claimName:
# (readOnly <boolean>): Will force the ReadOnly setting in
# VolumeMounts. Default false.
readOnly:
# (projected <Object>): Items for all in one resources secrets,
# configmaps, and downward API
projected:
# (defaultMode <integer>): Mode bits to use on created files by
# default. Must be a value between 0 and 0777. Directories within the
# path are not affected by this setting. This might be in conflict with
# other options that affect the file mode, like fsGroup, and the result
# can be other mode bits set.
defaultMode:
# (sources <[]Object> -required-): list of volume projections
sources:
# (configMap <Object>): information about the configMap data to
# project
configMap:
# (items <[]Object>): If unspecified, each key-value pair in the
# Data field of the referenced ConfigMap will be projected into the
# volume as a file whose name is the key and content is the value.
# If specified, the listed keys will be projected into the
# specified paths, and unlisted keys will not be present. If a key
# is specified which is not present in the ConfigMap, the volume
# setup will error unless it is marked optional. Paths must be
# relative and may not contain the '..' path or start with '..'.
items:
# (key <string> -required-): The key to project.
key:
# (mode <integer>): Optional: mode bits to use on this file,
# must be a value between 0 and 0777. If not specified, the
# volume defaultMode will be used. This might be in conflict with
# other options that affect the file mode, like fsGroup, and the
# result can be other mode bits set.
mode:
# (path <string> -required-): The relative path of the file to
# map the key to. May not be an absolute path. May not contain
# the path element '..'. May not start with the string '..'.
path:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the ConfigMap or it's keys
# must be defined
optional:
# (downwardAPI <Object>): information about the downwardAPI data to
# project
downwardAPI:
# (items <[]Object>): Items is a list of DownwardAPIVolume file
items:
# (path <string> -required-): Required: Path is the relative
# path name of the file to be created. Must not be absolute or
# contain the '..' path. Must be utf-8 encoded. The first item of
# the relative path must not start with '..'
path:
# (resourceFieldRef <Object>): Selects a resource of the
# container: only resources limits and requests (limits.cpu,
# limits.memory, requests.cpu and requests.memory) are currently
# supported.
resourceFieldRef:
# (containerName <string>): Container name: required for
# volumes, optional for env vars
containerName:
# (divisor <string>): Specifies the output format of the
# exposed resources, defaults to "1"
divisor:
# (resource <string> -required-): Required: resource to select
resource:
# (fieldRef <Object>): Required: Selects a field of the pod:
# only annotations, labels, name and namespace are supported.
fieldRef:
# (apiVersion <string>): Version of the schema the FieldPath
# is written in terms of, defaults to "v1".
apiVersion:
# (fieldPath <string> -required-): Path of the field to select
# in the specified API version.
fieldPath:
# (mode <integer>): Optional: mode bits to use on this file,
# must be a value between 0 and 0777. If not specified, the
# volume defaultMode will be used. This might be in conflict with
# other options that affect the file mode, like fsGroup, and the
# result can be other mode bits set.
mode:
# (secret <Object>): information about the secret data to project
secret:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (optional <boolean>): Specify whether the Secret or its key must
# be defined
optional:
# (items <[]Object>): If unspecified, each key-value pair in the
# Data field of the referenced Secret will be projected into the
# volume as a file whose name is the key and content is the value.
# If specified, the listed keys will be projected into the
# specified paths, and unlisted keys will not be present. If a key
# is specified which is not present in the Secret, the volume setup
# will error unless it is marked optional. Paths must be relative
# and may not contain the '..' path or start with '..'.
items:
# (key <string> -required-): The key to project.
key:
# (mode <integer>): Optional: mode bits to use on this file,
# must be a value between 0 and 0777. If not specified, the
# volume defaultMode will be used. This might be in conflict with
# other options that affect the file mode, like fsGroup, and the
# result can be other mode bits set.
mode:
# (path <string> -required-): The relative path of the file to
# map the key to. May not be an absolute path. May not contain
# the path element '..'. May not start with the string '..'.
path:
# (scaleIO <Object>): ScaleIO represents a ScaleIO persistent volume
# attached and mounted on Kubernetes nodes.
scaleIO:
# (system <string> -required-): The name of the storage system as
# configured in ScaleIO.
system:
# (gateway <string> -required-): The host address of the ScaleIO API
# Gateway.
gateway:
# (protectionDomain <string>): The name of the Protection Domain for
# the configured storage (defaults to "default").
protectionDomain:
# (sslEnabled <boolean>): Flag to enable/disable SSL communication
# with Gateway, default false
sslEnabled:
# (storageMode <string>): Indicates whether the storage for a volume
# should be thick or thin (defaults to "thin").
storageMode:
# (storagePool <string>): The Storage Pool associated with the
# protection domain (defaults to "default").
storagePool:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (readOnly <boolean>): Defaults to false (read/write). ReadOnly here
# will force the ReadOnly setting in VolumeMounts.
readOnly:
# (secretRef <Object> -required-): SecretRef references to the secret
# for ScaleIO user and other sensitive information. If this is not
# provided, Login operation will fail.
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (volumeName <string>): The name of a volume already created in the
# ScaleIO system that is associated with this volume source.
volumeName:
# (configMap <Object>): ConfigMap represents a configMap that should
# populate this volume
configMap:
# (optional <boolean>): Specify whether the ConfigMap or it's keys
# must be defined
optional:
# (defaultMode <integer>): Optional: mode bits to use on created files
# by default. Must be a value between 0 and 0777. Defaults to 0644.
# Directories within the path are not affected by this setting. This
# might be in conflict with other options that affect the file mode,
# like fsGroup, and the result can be other mode bits set.
defaultMode:
# (items <[]Object>): If unspecified, each key-value pair in the Data
# field of the referenced ConfigMap will be projected into the volume
# as a file whose name is the key and content is the value. If
# specified, the listed keys will be projected into the specified
# paths, and unlisted keys will not be present. If a key is specified
# which is not present in the ConfigMap, the volume setup will error
# unless it is marked optional. Paths must be relative and may not
# contain the '..' path or start with '..'.
items:
# (key <string> -required-): The key to project.
key:
# (mode <integer>): Optional: mode bits to use on this file, must be
# a value between 0 and 0777. If not specified, the volume
# defaultMode will be used. This might be in conflict with other
# options that affect the file mode, like fsGroup, and the result can
# be other mode bits set.
mode:
# (path <string> -required-): The relative path of the file to map
# the key to. May not be an absolute path. May not contain the path
# element '..'. May not start with the string '..'.
path:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (azureDisk <Object>): AzureDisk represents an Azure Data Disk mount on
# the host and bind mount to the pod.
azureDisk:
# (diskName <string> -required-): The Name of the data disk in the
# blob storage
diskName:
# (diskURI <string> -required-): The URI the data disk in the blob
# storage
diskURI:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (readOnly <boolean>): Defaults to false (read/write). ReadOnly here
# will force the ReadOnly setting in VolumeMounts.
readOnly:
# (cachingMode <Object>): Host Caching mode: None, Read Only, Read
# Write.
cachingMode:
# (flexVolume <Object>): FlexVolume represents a generic volume resource
# that is provisioned/attached using an exec based plugin. This is an
# alpha feature and may change in future.
flexVolume:
# (driver <string> -required-): Driver is the name of the driver to
# use for this volume.
driver:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". The default filesystem depends on FlexVolume script.
fsType:
# (options <object>): Optional: Extra command options if any.
options:
# (readOnly <boolean>): Optional: Defaults to false (read/write).
# ReadOnly here will force the ReadOnly setting in VolumeMounts.
readOnly:
# (secretRef <Object>): Optional: SecretRef is reference to the secret
# object containing sensitive information to pass to the plugin
# scripts. This may be empty if no secret object is specified. If the
# secret object contains more than one secret, all secrets are passed
# to the plugin scripts.
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (gitRepo <Object>): GitRepo represents a git repository at a
# particular revision.
gitRepo:
# (directory <string>): Target directory name. Must not contain or
# start with '..'. If '.' is supplied, the volume directory will be
# the git repository. Otherwise, if specified, the volume will contain
# the git repository in the subdirectory with the given name.
directory:
# (repository <string> -required-): Repository URL
repository:
# (revision <string>): Commit hash for the specified revision.
revision:
# (glusterfs <Object>): Glusterfs represents a Glusterfs mount on the
# host that shares a pod's lifetime. More info:
# http://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md
glusterfs:
# (endpoints <string> -required-): EndpointsName is the endpoint name
# that details Glusterfs topology. More info:
# http://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
endpoints:
# (path <string> -required-): Path is the Glusterfs volume path. More
# info:
# http://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
path:
# (readOnly <boolean>): ReadOnly here will force the Glusterfs volume
# to be mounted with read-only permissions. Defaults to false. More
# info:
# http://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod
readOnly:
# (photonPersistentDisk <Object>): PhotonPersistentDisk represents a
# PhotonController persistent disk attached and mounted on kubelets host
# machine
photonPersistentDisk:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (pdID <string> -required-): ID that identifies Photon Controller
# persistent disk
pdID:
# (rbd <Object>): RBD represents a Rados Block Device mount on the host
# that shares a pod's lifetime. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md
rbd:
# (image <string> -required-): The rados image name. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
image:
# (keyring <string>): Keyring is the path to key ring for RBDUser.
# Default is /etc/ceph/keyring. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
keyring:
# (monitors <[]string> -required-): A collection of Ceph monitors.
# More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
monitors:
# (pool <string>): The rados pool name. Default is rbd. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it.
pool:
# (readOnly <boolean>): ReadOnly here will force the ReadOnly setting
# in VolumeMounts. Defaults to false. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
readOnly:
# (secretRef <Object>): SecretRef is name of the authentication secret
# for RBDUser. If provided overrides keyring. Default is nil. More
# info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
secretRef:
# (name <string>): Name of the referent. More info:
# http://kubernetes.io/docs/user-guide/identifiers#names
name:
# (user <string>): The rados user name. Default is admin. More info:
# http://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it
user:
# (fsType <string>): Filesystem type of the volume that you want to
# mount. Tip: Ensure that the filesystem type is supported by the host
# operating system. Examples: "ext4", "xfs", "ntfs". Implicitly
# inferred to be "ext4" if unspecified. More info:
# http://kubernetes.io/docs/user-guide/volumes#rbd
fsType:
# (awsElasticBlockStore <Object>): AWSElasticBlockStore represents an
# AWS Disk resource that is attached to a kubelet's host machine and then
# exposed to the pod. More info:
# http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
awsElasticBlockStore:
# (partition <integer>): The partition in the volume that you want to
# mount. If omitted, the default is to mount by volume name. Examples:
# For volume /dev/sda1, you specify the partition as "1". Similarly,
# the volume partition for /dev/sda is "0" (or you can leave the
# property empty).
partition:
# (readOnly <boolean>): Specify "true" to force and set the ReadOnly
# property in VolumeMounts to "true". If omitted, the default is
# "false". More info:
# http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
readOnly:
# (volumeID <string> -required-): Unique ID of the persistent disk
# resource in AWS (Amazon EBS volume). More info:
# http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
volumeID:
# (fsType <string>): Filesystem type of the volume that you want to
# mount. Tip: Ensure that the filesystem type is supported by the host
# operating system. Examples: "ext4", "xfs", "ntfs". Implicitly
# inferred to be "ext4" if unspecified. More info:
# http://kubernetes.io/docs/user-guide/volumes#awselasticblockstore
fsType:
# (portworxVolume <Object>): PortworxVolume represents a portworx volume
# attached and mounted on kubelets host machine
portworxVolume:
# (fsType <string>): FSType represents the filesystem type to mount
# Must be a filesystem type supported by the host operating system. Ex.
# "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (readOnly <boolean>): Defaults to false (read/write). ReadOnly here
# will force the ReadOnly setting in VolumeMounts.
readOnly:
# (volumeID <string> -required-): VolumeID uniquely identifies a
# Portworx volume
volumeID:
# (downwardAPI <Object>): DownwardAPI represents downward API about the
# pod that should populate this volume
downwardAPI:
# (defaultMode <integer>): Optional: mode bits to use on created files
# by default. Must be a value between 0 and 0777. Defaults to 0644.
# Directories within the path are not affected by this setting. This
# might be in conflict with other options that affect the file mode,
# like fsGroup, and the result can be other mode bits set.
defaultMode:
# (items <[]Object>): Items is a list of downward API volume file
items:
# (path <string> -required-): Required: Path is the relative path
# name of the file to be created. Must not be absolute or contain the
# '..' path. Must be utf-8 encoded. The first item of the relative
# path must not start with '..'
path:
# (resourceFieldRef <Object>): Selects a resource of the container:
# only resources limits and requests (limits.cpu, limits.memory,
# requests.cpu and requests.memory) are currently supported.
resourceFieldRef:
# (containerName <string>): Container name: required for volumes,
# optional for env vars
containerName:
# (divisor <string>): Specifies the output format of the exposed
# resources, defaults to "1"
divisor:
# (resource <string> -required-): Required: resource to select
resource:
# (fieldRef <Object>): Required: Selects a field of the pod: only
# annotations, labels, name and namespace are supported.
fieldRef:
# (apiVersion <string>): Version of the schema the FieldPath is
# written in terms of, defaults to "v1".
apiVersion:
# (fieldPath <string> -required-): Path of the field to select in
# the specified API version.
fieldPath:
# (mode <integer>): Optional: mode bits to use on this file, must be
# a value between 0 and 0777. If not specified, the volume
# defaultMode will be used. This might be in conflict with other
# options that affect the file mode, like fsGroup, and the result can
# be other mode bits set.
mode:
# (fc <Object>): FC represents a Fibre Channel resource that is attached
# to a kubelet's host machine and then exposed to the pod.
fc:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (lun <integer> -required-): Required: FC target lun number
lun:
# (readOnly <boolean>): Optional: Defaults to false (read/write).
# ReadOnly here will force the ReadOnly setting in VolumeMounts.
readOnly:
# (targetWWNs <[]string> -required-): Required: FC target worldwide
# names (WWNs)
targetWWNs:
# (vsphereVolume <Object>): VsphereVolume represents a vSphere volume
# attached and mounted on kubelets host machine
vsphereVolume:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Ex. "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified.
fsType:
# (volumePath <string> -required-): Path that identifies vSphere
# volume vmdk
volumePath:
# (emptyDir <Object>): EmptyDir represents a temporary directory that
# shares a pod's lifetime. More info:
# http://kubernetes.io/docs/user-guide/volumes#emptydir
emptyDir:
# (medium <string>): What type of storage medium should back this
# directory. The default is "" which means to use the node's default
# medium. Must be an empty string (default) or Memory. More info:
# http://kubernetes.io/docs/user-guide/volumes#emptydir
medium:
# (cinder <Object>): Cinder represents a cinder volume attached and
# mounted on kubelets host machine More info:
# http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
cinder:
# (fsType <string>): Filesystem type to mount. Must be a filesystem
# type supported by the host operating system. Examples: "ext4", "xfs",
# "ntfs". Implicitly inferred to be "ext4" if unspecified. More info:
# http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
fsType:
# (readOnly <boolean>): Optional: Defaults to false (read/write).
# ReadOnly here will force the ReadOnly setting in VolumeMounts. More
# info: http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
readOnly:
# (volumeID <string> -required-): volume id used to identify the
# volume in cinder More info:
# http://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md
volumeID:
# (azureFile <Object>): AzureFile represents an Azure File Service mount
# on the host and bind mount to the pod.
azureFile:
# (readOnly <boolean>): Defaults to false (read/write). ReadOnly here
# will force the ReadOnly setting in VolumeMounts.
readOnly:
# (secretName <string> -required-): the name of secret that contains
# Azure Storage Account Name and Key
secretName:
# (shareName <string> -required-): Share Name
shareName:
# (progressDeadlineSeconds <integer>): The maximum time in seconds for a
# deployment to make progress before it is considered to be failed. The
# deployment controller will continue to process failed deployments and a
# condition with a ProgressDeadlineExceeded reason will be surfaced in the
# deployment status. Once autoRollback is implemented, the deployment
# controller will automatically rollback failed deployments. Note that progress
# will not be estimated during the time a deployment is paused. This is not set
# by default.
progressDeadlineSeconds:
# (replicas <integer>): Number of desired pods. This is a pointer to
# distinguish between explicit zero and not specified. Defaults to 1.
replicas:
# (revisionHistoryLimit <integer>): The number of old ReplicaSets to retain to
# allow rollback. This is a pointer to distinguish between explicit zero and
# not specified.
revisionHistoryLimit:
# (selector <Object>): Label selector for pods. Existing ReplicaSets whose
# pods are selected by this will be the ones affected by this deployment.
selector:
# (matchExpressions <[]Object>): matchExpressions is a list of label
# selector requirements. The requirements are ANDed.
matchExpressions:
# (key <string> -required-): key is the label key that the selector
# applies to.
key:
# (operator <string> -required-): operator represents a key's relationship
# to a set of values. Valid operators ard In, NotIn, Exists and
# DoesNotExist.
operator:
# (values <[]string>): values is an array of string values. If the
# operator is In or NotIn, the values array must be non-empty. If the
# operator is Exists or DoesNotExist, the values array must be empty. This
# array is replaced during a strategic merge patch.
values:
# (matchLabels <object>): matchLabels is a map of {key,value} pairs. A
# single {key,value} in the matchLabels map is equivalent to an element of
# matchExpressions, whose key field is "key", the operator is "In", and the
# values array contains only "value". The requirements are ANDed.
matchLabels:
# (status <Object>): Most recently observed status of the Deployment.
status:
# (observedGeneration <integer>): The generation observed by the deployment
# controller.
observedGeneration:
# (readyReplicas <integer>): Total number of ready pods targeted by this
# deployment.
readyReplicas:
# (replicas <integer>): Total number of non-terminated pods targeted by this
# deployment (their labels match the selector).
replicas:
# (unavailableReplicas <integer>): Total number of unavailable pods targeted
# by this deployment.
unavailableReplicas:
# (updatedReplicas <integer>): Total number of non-terminated pods targeted by
# this deployment that have the desired template spec.
updatedReplicas:
# (availableReplicas <integer>): Total number of available pods (ready for at
# least minReadySeconds) targeted by this deployment.
availableReplicas:
# (conditions <[]Object>): Represents the latest available observations of a
# deployment's current state.
conditions:
# (status <string> -required-): Status of the condition, one of True, False,
# Unknown.
status:
# (type <string> -required-): Type of deployment condition.
type:
# (lastTransitionTime <string>): Last time the condition transitioned from
# one status to another.
lastTransitionTime:
# (lastUpdateTime <string>): The last time this condition was updated.
lastUpdateTime:
# (message <string>): A human readable message indicating details about the
# transition.
message:
# (reason <string>): The reason for the condition's last transition.
reason:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment