Skip to content

Instantly share code, notes, and snippets.

@wombat

wombat/gist:c9db3218caee9e6025b7201acb8a9a1b

Created March 15, 2023 15:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save wombat/c9db3218caee9e6025b7201acb8a9a1b to your computer and use it in GitHub Desktop.
Save wombat/c9db3218caee9e6025b7201acb8a9a1b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1
metadata:
name: subscriptions.operators.coreos.com
uid: cd1bffb3-9469-4e6d-8ab6-5f8aa892244e
resourceVersion: '122992397'
generation: 2
creationTimestamp: '2022-02-21T16:26:32Z'
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
include.release.openshift.io/ibm-cloud-managed: 'true'
include.release.openshift.io/self-managed-high-availability: 'true'
include.release.openshift.io/single-node-developer: 'true'
ownerReferences:
- apiVersion: config.openshift.io/v1
kind: ClusterVersion
name: version
uid: 6080456b-3ae2-4df9-a7ee-6deaa97e7b4a
managedFields:
- manager: kube-apiserver
operation: Update
apiVersion: apiextensions.k8s.io/v1
time: '2022-02-21T16:26:32Z'
fieldsType: FieldsV1
fieldsV1:
'f:status':
'f:acceptedNames':
'f:categories': {}
'f:kind': {}
'f:listKind': {}
'f:plural': {}
'f:shortNames': {}
'f:singular': {}
'f:conditions':
'k:{"type":"Established"}':
.: {}
'f:lastTransitionTime': {}
'f:message': {}
'f:reason': {}
'f:status': {}
'f:type': {}
'k:{"type":"NamesAccepted"}':
.: {}
'f:lastTransitionTime': {}
'f:message': {}
'f:reason': {}
'f:status': {}
'f:type': {}
- manager: cluster-version-operator
operation: Update
apiVersion: apiextensions.k8s.io/v1
time: '2022-05-09T20:17:40Z'
fieldsType: FieldsV1
fieldsV1:
'f:metadata':
'f:annotations':
.: {}
'f:controller-gen.kubebuilder.io/version': {}
'f:include.release.openshift.io/ibm-cloud-managed': {}
'f:include.release.openshift.io/self-managed-high-availability': {}
'f:include.release.openshift.io/single-node-developer': {}
'f:ownerReferences':
.: {}
'k:{"uid":"6080456b-3ae2-4df9-a7ee-6deaa97e7b4a"}': {}
'f:spec':
'f:conversion':
.: {}
'f:strategy': {}
'f:group': {}
'f:names':
'f:categories': {}
'f:kind': {}
'f:listKind': {}
'f:plural': {}
'f:shortNames': {}
'f:singular': {}
'f:scope': {}
'f:versions': {}
spec:
group: operators.coreos.com
names:
plural: subscriptions
singular: subscription
shortNames:
- sub
- subs
kind: Subscription
listKind: SubscriptionList
categories:
- olm
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
description: >-
Subscription keeps operators up to date by tracking changes to
Catalogs.
type: object
required:
- metadata
- spec
properties:
apiVersion:
description: >-
APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: >-
Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SubscriptionSpec defines an Application that can be installed
type: object
required:
- name
- source
- sourceNamespace
properties:
channel:
type: string
config:
description: >-
SubscriptionConfig contains configuration specified for a
subscription.
type: object
properties:
env:
description: >-
Env is a list of environment variables to set in the
container. Cannot be updated.
type: array
items:
description: >-
EnvVar represents an environment variable present in a
Container.
type: object
required:
- name
properties:
name:
description: >-
Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: >-
Variable references $(VAR_NAME) are expanded using
the previously defined environment variables in
the container and any service environment
variables. If a variable cannot be resolved, the
reference in the input string will be unchanged.
Double $$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never be
expanded, regardless of whether the variable
exists or not. Defaults to "".
type: string
valueFrom:
description: >-
Source for the environment variable's value.
Cannot be used if value is not empty.
type: object
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
type: object
required:
- key
properties:
key:
description: The key to select.
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
optional:
description: >-
Specify whether the ConfigMap or its key
must be defined
type: boolean
fieldRef:
description: >-
Selects a field of the pod: supports
metadata.name, metadata.namespace,
`metadata.labels['<KEY>']`,
`metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.
type: object
required:
- fieldPath
properties:
apiVersion:
description: >-
Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: >-
Path of the field to select in the
specified API version.
type: string
resourceFieldRef:
description: >-
Selects a resource of the container: only
resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and
requests.ephemeral-storage) are currently
supported.
type: object
required:
- resource
properties:
containerName:
description: >-
Container name: required for volumes,
optional for env vars
type: string
divisor:
description: >-
Specifies the output format of the exposed
resources, defaults to "1"
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
secretKeyRef:
description: >-
Selects a key of a secret in the pod's
namespace
type: object
required:
- key
properties:
key:
description: >-
The key of the secret to select from.
Must be a valid secret key.
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
optional:
description: >-
Specify whether the Secret or its key must
be defined
type: boolean
envFrom:
description: >-
EnvFrom is a list of sources to populate environment
variables in the container. The keys defined within a
source must be a C_IDENTIFIER. All invalid keys will be
reported as an event when the container is starting.
When a key exists in multiple sources, the value
associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take
precedence. Immutable.
type: array
items:
description: >-
EnvFromSource represents the source of a set of
ConfigMaps
type: object
properties:
configMapRef:
description: The ConfigMap to select from
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
optional:
description: Specify whether the ConfigMap must be defined
type: boolean
prefix:
description: >-
An optional identifier to prepend to each key in
the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
nodeSelector:
description: >-
NodeSelector is a selector which must be true for the
pod to fit on a node. Selector which must match a node's
labels for the pod to be scheduled on that node. More
info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
type: object
additionalProperties:
type: string
resources:
description: >-
Resources represents compute resources required by this
container. Immutable. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
type: object
properties:
limits:
description: >-
Limits describes the maximum amount of compute
resources allowed. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: >-
Requests describes the minimum amount of compute
resources required. If Requests is omitted for a
container, it defaults to Limits if that is
explicitly specified, otherwise to an
implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
selector:
description: >-
Selector is the label selector for pods to be
configured. Existing ReplicaSets whose pods are selected
by this will be the ones affected by this deployment. It
must match the pod template's labels.
type: object
properties:
matchExpressions:
description: >-
matchExpressions is a list of label selector
requirements. The requirements are ANDed.
type: array
items:
description: >-
A label selector requirement is a selector that
contains values, a key, and an operator that
relates the key and values.
type: object
required:
- key
- operator
properties:
key:
description: >-
key is the label key that the selector applies
to.
type: string
operator:
description: >-
operator represents a key's relationship to a
set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: >-
values is an array of string values. If the
operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic
merge patch.
type: array
items:
type: string
matchLabels:
description: >-
matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to
an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
tolerations:
description: Tolerations are the pod's tolerations.
type: array
items:
description: >-
The pod this Toleration is attached to tolerates any
taint that matches the triple <key,value,effect> using
the matching operator <operator>.
type: object
properties:
effect:
description: >-
Effect indicates the taint effect to match. Empty
means match all taint effects. When specified,
allowed values are NoSchedule, PreferNoSchedule
and NoExecute.
type: string
key:
description: >-
Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key
is empty, operator must be Exists; this
combination means to match all values and all
keys.
type: string
operator:
description: >-
Operator represents a key's relationship to the
value. Valid operators are Exists and Equal.
Defaults to Equal. Exists is equivalent to
wildcard for value, so that a pod can tolerate all
taints of a particular category.
type: string
tolerationSeconds:
description: >-
TolerationSeconds represents the period of time
the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the
taint. By default, it is not set, which means
tolerate the taint forever (do not evict). Zero
and negative values will be treated as 0 (evict
immediately) by the system.
type: integer
format: int64
value:
description: >-
Value is the taint value the toleration matches
to. If the operator is Exists, the value should be
empty, otherwise just a regular string.
type: string
volumeMounts:
description: List of VolumeMounts to set in the container.
type: array
items:
description: >-
VolumeMount describes a mounting of a Volume within a
container.
type: object
required:
- mountPath
- name
properties:
mountPath:
description: >-
Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: >-
mountPropagation determines how mounts are
propagated from the host to container and the
other way around. When not set,
MountPropagationNone is used. This field is beta
in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: >-
Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: >-
Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's
root).
type: string
subPathExpr:
description: >-
Expanded path within the volume from which the
container's volume should be mounted. Behaves
similarly to SubPath but environment variable
references $(VAR_NAME) are expanded using the
container's environment. Defaults to "" (volume's
root). SubPathExpr and SubPath are mutually
exclusive.
type: string
volumes:
description: List of Volumes to set in the podSpec.
type: array
items:
description: >-
Volume represents a named volume in a pod that may be
accessed by any container in the pod.
type: object
required:
- name
properties:
emptyDir:
description: >-
EmptyDir represents a temporary directory that
shares a pod's lifetime. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
type: object
properties:
medium:
description: >-
What type of storage medium should back this
directory. The default is "" which means to
use the node's default medium. Must be an
empty string (default) or Memory. More info:
https://kubernetes.io/docs/concepts/storage/volumes#emptydir
type: string
sizeLimit:
description: >-
Total amount of local storage required for
this EmptyDir volume. The size limit is also
applicable for memory medium. The maximum
usage on memory medium EmptyDir would be the
minimum value between the SizeLimit specified
here and the sum of memory limits of all
containers in a pod. The default is nil which
means that the limit is undefined. More info:
http://kubernetes.io/docs/user-guide/volumes#emptydir
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
gitRepo:
description: >-
GitRepo represents a git repository at a
particular revision. DEPRECATED: GitRepo is
deprecated. To provision a container with a git
repo, mount an EmptyDir into an InitContainer that
clones the repo using git, then mount the EmptyDir
into the Pod's container.
type: object
required:
- repository
properties:
directory:
description: >-
Target directory name. Must not contain or
start with '..'. If '.' is supplied, the
volume directory will be the git repository.
Otherwise, if specified, the volume will
contain the git repository in the subdirectory
with the given name.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
cephfs:
description: >-
CephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
type: object
required:
- monitors
properties:
monitors:
description: >-
Required: Monitors is a collection of Ceph
monitors More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: array
items:
type: string
path:
description: >-
Optional: Used as the mounted root, rather
than the full Ceph tree, default is /
type: string
readOnly:
description: >-
Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: boolean
secretFile:
description: >-
Optional: SecretFile is the path to key ring
for User, default is /etc/ceph/user.secret
More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
secretRef:
description: >-
Optional: SecretRef is reference to the
authentication secret for User, default is
empty. More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
user:
description: >-
Optional: User is the rados user name, default
is admin More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
cinder:
description: >-
Cinder represents a cinder volume attached and
mounted on kubelets host machine. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
type: object
required:
- volumeID
properties:
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More
info:
https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
readOnly:
description: >-
Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
type: boolean
secretRef:
description: >-
Optional: points to a secret object containing
parameters used to connect to OpenStack.
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
volumeID:
description: >-
volume id used to identify the volume in
cinder. More info:
https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
glusterfs:
description: >-
Glusterfs represents a Glusterfs mount on the host
that shares a pod's lifetime. More info:
https://examples.k8s.io/volumes/glusterfs/README.md
type: object
required:
- endpoints
- path
properties:
endpoints:
description: >-
EndpointsName is the endpoint name that
details Glusterfs topology. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string
path:
description: >-
Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string
readOnly:
description: >-
ReadOnly here will force the Glusterfs volume
to be mounted with read-only permissions.
Defaults to false. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: boolean
azureFile:
description: >-
AzureFile represents an Azure File Service mount
on the host and bind mount to the pod.
type: object
required:
- secretName
- shareName
properties:
readOnly:
description: >-
Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in
VolumeMounts.
type: boolean
secretName:
description: >-
the name of secret that contains Azure Storage
Account Name and Key
type: string
shareName:
description: Share Name
type: string
persistentVolumeClaim:
description: >-
PersistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same
namespace. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
type: object
required:
- claimName
properties:
claimName:
description: >-
ClaimName is the name of a
PersistentVolumeClaim in the same namespace as
the pod using this volume. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
type: string
readOnly:
description: >-
Will force the ReadOnly setting in
VolumeMounts. Default false.
type: boolean
name:
description: >-
Volume's name. Must be a DNS_LABEL and unique
within the pod. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
azureDisk:
description: >-
AzureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
type: object
required:
- diskName
- diskURI
properties:
cachingMode:
description: >-
Host Caching mode: None, Read Only, Read
Write.
type: string
diskName:
description: The Name of the data disk in the blob storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified.
type: string
kind:
description: >-
Expected values Shared: multiple blob disks
per storage account Dedicated: single blob
disk per storage account Managed: azure
managed data disk (only in managed
availability set). defaults to shared
type: string
readOnly:
description: >-
Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in
VolumeMounts.
type: boolean
awsElasticBlockStore:
description: >-
AWSElasticBlockStore represents an AWS Disk
resource that is attached to a kubelet's host
machine and then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: object
required:
- volumeID
properties:
fsType:
description: >-
Filesystem type of the volume that you want to
mount. Tip: Ensure that the filesystem type is
supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More
info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the
filesystem from compromising the machine
type: string
partition:
description: >-
The partition in the volume that you want to
mount. If omitted, the default is to mount by
volume name. Examples: For volume /dev/sda1,
you specify the partition as "1". Similarly,
the volume partition for /dev/sda is "0" (or
you can leave the property empty).
type: integer
format: int32
readOnly:
description: >-
Specify "true" to force and set the ReadOnly
property in VolumeMounts to "true". If
omitted, the default is "false". More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: boolean
volumeID:
description: >-
Unique ID of the persistent disk resource in
AWS (Amazon EBS volume). More info:
https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: string
hostPath:
description: >-
HostPath represents a pre-existing file or
directory on the host machine that is directly
exposed to the container. This is generally used
for system agents or other privileged things that
are allowed to see the host machine. Most
containers will NOT need this. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use
host directory mounts and who can/can not mount
host directories as read/write.
type: object
required:
- path
properties:
path:
description: >-
Path of the directory on the host. If the path
is a symlink, it will follow the link to the
real path. More info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type: string
type:
description: >-
Type for HostPath Volume Defaults to "" More
info:
https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type: string
iscsi:
description: >-
ISCSI represents an ISCSI Disk resource that is
attached to a kubelet's host machine and then
exposed to the pod. More info:
https://examples.k8s.io/volumes/iscsi/README.md
type: object
required:
- iqn
- lun
- targetPortal
properties:
readOnly:
description: >-
ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: >-
CHAP Secret for iSCSI target and initiator
authentication
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
lun:
description: iSCSI Target Lun number.
type: integer
format: int32
iqn:
description: Target iSCSI Qualified Name.
type: string
portals:
description: >-
iSCSI Target Portal List. The portal is either
an IP or ip_addr:port if the port is other
than default (typically TCP ports 860 and
3260).
type: array
items:
type: string
fsType:
description: >-
Filesystem type of the volume that you want to
mount. Tip: Ensure that the filesystem type is
supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More
info:
https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the
filesystem from compromising the machine
type: string
iscsiInterface:
description: >-
iSCSI Interface Name that uses an iSCSI
transport. Defaults to 'default' (tcp).
type: string
chapAuthDiscovery:
description: >-
whether support iSCSI Discovery CHAP
authentication
type: boolean
initiatorName:
description: >-
Custom iSCSI Initiator Name. If initiatorName
is specified with iscsiInterface
simultaneously, new iSCSI interface <target
portal>:<volume name> will be created for the
connection.
type: string
chapAuthSession:
description: >-
whether support iSCSI Session CHAP
authentication
type: boolean
targetPortal:
description: >-
iSCSI Target Portal. The Portal is either an
IP or ip_addr:port if the port is other than
default (typically TCP ports 860 and 3260).
type: string
photonPersistentDisk:
description: >-
PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets
host machine
type: object
required:
- pdID
properties:
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified.
type: string
pdID:
description: >-
ID that identifies Photon Controller
persistent disk
type: string
secret:
description: >-
Secret represents a secret that should populate
this volume. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
type: object
properties:
defaultMode:
description: >-
Optional: mode bits used to set permissions on
created files by default. Must be an octal
value between 0000 and 0777 or a decimal value
between 0 and 511. YAML accepts both octal and
decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories
within the path are not affected by this
setting. This might be in conflict with other
options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.
type: integer
format: int32
items:
description: >-
If unspecified, each key-value pair in the
Data field of the referenced Secret will be
projected into the volume as a file whose name
is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified
which is not present in the Secret, the volume
setup will error unless it is marked optional.
Paths must be relative and may not contain the
'..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: The key to project.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file. Must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
The relative path of the file to map the
key to. May not be an absolute path. May
not contain the path element '..'. May
not start with the string '..'.
type: string
optional:
description: >-
Specify whether the Secret or its keys must be
defined
type: boolean
secretName:
description: >-
Name of the secret in the pod's namespace to
use. More info:
https://kubernetes.io/docs/concepts/storage/volumes#secret
type: string
scaleIO:
description: >-
ScaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
type: object
required:
- gateway
- secretRef
- system
properties:
readOnly:
description: >-
Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in
VolumeMounts.
type: boolean
secretRef:
description: >-
SecretRef references to the secret for ScaleIO
user and other sensitive information. If this
is not provided, Login operation will fail.
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
gateway:
description: The host address of the ScaleIO API Gateway.
type: string
volumeName:
description: >-
The name of a volume already created in the
ScaleIO system that is associated with this
volume source.
type: string
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Default is "xfs".
type: string
system:
description: >-
The name of the storage system as configured
in ScaleIO.
type: string
sslEnabled:
description: >-
Flag to enable/disable SSL communication with
Gateway, default false
type: boolean
storagePool:
description: >-
The ScaleIO Storage Pool associated with the
protection domain.
type: string
protectionDomain:
description: >-
The name of the ScaleIO Protection Domain for
the configured storage.
type: string
storageMode:
description: >-
Indicates whether the storage for a volume
should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
type: string
flexVolume:
description: >-
FlexVolume represents a generic volume resource
that is provisioned/attached using an exec based
plugin.
type: object
required:
- driver
properties:
driver:
description: >-
Driver is the name of the driver to use for
this volume.
type: string
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". The default
filesystem depends on FlexVolume script.
type: string
options:
description: 'Optional: Extra command options if any.'
type: object
additionalProperties:
type: string
readOnly:
description: >-
Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
secretRef:
description: >-
Optional: SecretRef is reference to the secret
object containing sensitive information to
pass to the plugin scripts. This may be empty
if no secret object is specified. If the
secret object contains more than one secret,
all secrets are passed to the plugin scripts.
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
quobyte:
description: >-
Quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
type: object
required:
- registry
- volume
properties:
group:
description: >-
Group to map volume access to Default is no
group
type: string
readOnly:
description: >-
ReadOnly here will force the Quobyte volume to
be mounted with read-only permissions.
Defaults to false.
type: boolean
registry:
description: >-
Registry represents a single or multiple
Quobyte Registry services specified as a
string as host:port pair (multiple entries are
separated with commas) which acts as the
central registry for volumes
type: string
tenant:
description: >-
Tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned
Quobyte volumes, value is set by the plugin
type: string
user:
description: >-
User to map volume access to Defaults to
serivceaccount user
type: string
volume:
description: >-
Volume is a string that references an already
created Quobyte volume by name.
type: string
rbd:
description: >-
RBD represents a Rados Block Device mount on the
host that shares a pod's lifetime. More info:
https://examples.k8s.io/volumes/rbd/README.md
type: object
required:
- image
- monitors
properties:
fsType:
description: >-
Filesystem type of the volume that you want to
mount. Tip: Ensure that the filesystem type is
supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More
info:
https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the
filesystem from compromising the machine
type: string
image:
description: >-
The rados image name. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
keyring:
description: >-
Keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
monitors:
description: >-
A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: array
items:
type: string
pool:
description: >-
The rados pool name. Default is rbd. More
info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
readOnly:
description: >-
ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: boolean
secretRef:
description: >-
SecretRef is name of the authentication secret
for RBDUser. If provided overrides keyring.
Default is nil. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
user:
description: >-
The rados user name. Default is admin. More
info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
projected:
description: >-
Items for all in one resources secrets,
configmaps, and downward API
type: object
properties:
defaultMode:
description: >-
Mode bits used to set permissions on created
files by default. Must be an octal value
between 0000 and 0777 or a decimal value
between 0 and 511. YAML accepts both octal and
decimal values, JSON requires decimal values
for mode bits. Directories within the path are
not affected by this setting. This might be in
conflict with other options that affect the
file mode, like fsGroup, and the result can be
other mode bits set.
type: integer
format: int32
sources:
description: list of volume projections
type: array
items:
description: >-
Projection that may be projected along with
other supported volume types
type: object
properties:
configMap:
description: >-
information about the configMap data to
project
type: object
properties:
items:
description: >-
If unspecified, each key-value pair in
the Data field of the referenced
ConfigMap will be projected into the
volume as a file whose name is the key
and content is the value. If specified,
the listed keys will be projected into
the specified paths, and unlisted keys
will not be present. If a key is
specified which is not present in the
ConfigMap, the volume setup will error
unless it is marked optional. Paths must
be relative and may not contain the '..'
path or start with '..'.
type: array
items:
description: >-
Maps a string key to a path within a
volume.
type: object
required:
- key
- path
properties:
key:
description: The key to project.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file. Must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
The relative path of the file to map the
key to. May not be an absolute path. May
not contain the path element '..'. May
not start with the string '..'.
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?
type: string
optional:
description: >-
Specify whether the ConfigMap or its
keys must be defined
type: boolean
downwardAPI:
description: >-
information about the downwardAPI data
to project
type: object
properties:
items:
description: >-
Items is a list of DownwardAPIVolume
file
type: array
items:
description: >-
DownwardAPIVolumeFile represents
information to create the file
containing the pod field
type: object
required:
- path
properties:
fieldRef:
description: >-
Required: Selects a field of the pod:
only annotations, labels, name and
namespace are supported.
type: object
required:
- fieldPath
properties:
apiVersion:
description: >-
Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: >-
Path of the field to select in the
specified API version.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file, must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
Required: Path is the relative path
name of the file to be created. Must not
be absolute or contain the '..' path.
Must be utf-8 encoded. The first item of
the relative path must not start with
'..'
type: string
resourceFieldRef:
description: >-
Selects a resource of the container:
only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently
supported.
type: object
required:
- resource
properties:
containerName:
description: >-
Container name: required for volumes,
optional for env vars
type: string
divisor:
description: >-
Specifies the output format of the
exposed resources, defaults to "1"
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
secret:
description: >-
information about the secret data to
project
type: object
properties:
items:
description: >-
If unspecified, each key-value pair in
the Data field of the referenced Secret
will be projected into the volume as a
file whose name is the key and content
is the value. If specified, the listed
keys will be projected into the
specified paths, and unlisted keys will
not be present. If a key is specified
which is not present in the Secret, the
volume setup will error unless it is
marked optional. Paths must be relative
and may not contain the '..' path or
start with '..'.
type: array
items:
description: >-
Maps a string key to a path within a
volume.
type: object
required:
- key
- path
properties:
key:
description: The key to project.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file. Must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
The relative path of the file to map the
key to. May not be an absolute path. May
not contain the path element '..'. May
not start with the string '..'.
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?
type: string
optional:
description: >-
Specify whether the Secret or its key
must be defined
type: boolean
serviceAccountToken:
description: >-
information about the
serviceAccountToken data to project
type: object
required:
- path
properties:
audience:
description: >-
Audience is the intended audience of the
token. A recipient of a token must
identify itself with an identifier
specified in the audience of the token,
and otherwise should reject the token.
The audience defaults to the identifier
of the apiserver.
type: string
expirationSeconds:
description: >-
ExpirationSeconds is the requested
duration of validity of the service
account token. As the token approaches
expiration, the kubelet volume plugin
will proactively rotate the service
account token. The kubelet will start
trying to rotate the token if the token
is older than 80 percent of its time to
live or if the token is older than 24
hours.Defaults to 1 hour and must be at
least 10 minutes.
type: integer
format: int64
path:
description: >-
Path is the path relative to the mount
point of the file to project the token
into.
type: string
csi:
description: >-
CSI (Container Storage Interface) represents
ephemeral storage that is handled by certain
external CSI drivers (Beta feature).
type: object
required:
- driver
properties:
driver:
description: >-
Driver is the name of the CSI driver that
handles this volume. Consult with your admin
for the correct name as registered in the
cluster.
type: string
fsType:
description: >-
Filesystem type to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is
passed to the associated CSI driver which will
determine the default filesystem to apply.
type: string
nodePublishSecretRef:
description: >-
NodePublishSecretRef is a reference to the
secret object containing sensitive information
to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume
calls. This field is optional, and may be
empty if no secret is required. If the secret
object contains more than one secret, all
secret references are passed.
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
readOnly:
description: >-
Specifies a read-only configuration for the
volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
description: >-
VolumeAttributes stores driver-specific
properties that are passed to the CSI driver.
Consult your driver's documentation for
supported values.
type: object
additionalProperties:
type: string
portworxVolume:
description: >-
PortworxVolume represents a portworx volume
attached and mounted on kubelets host machine
type: object
required:
- volumeID
properties:
fsType:
description: >-
FSType represents the filesystem type to mount
Must be a filesystem type supported by the
host operating system. Ex. "ext4", "xfs".
Implicitly inferred to be "ext4" if
unspecified.
type: string
readOnly:
description: >-
Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in
VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx volume
type: string
configMap:
description: >-
ConfigMap represents a configMap that should
populate this volume
type: object
properties:
defaultMode:
description: >-
Optional: mode bits used to set permissions on
created files by default. Must be an octal
value between 0000 and 0777 or a decimal value
between 0 and 511. YAML accepts both octal and
decimal values, JSON requires decimal values
for mode bits. Defaults to 0644. Directories
within the path are not affected by this
setting. This might be in conflict with other
options that affect the file mode, like
fsGroup, and the result can be other mode bits
set.
type: integer
format: int32
items:
description: >-
If unspecified, each key-value pair in the
Data field of the referenced ConfigMap will be
projected into the volume as a file whose name
is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified
which is not present in the ConfigMap, the
volume setup will error unless it is marked
optional. Paths must be relative and may not
contain the '..' path or start with '..'.
type: array
items:
description: Maps a string key to a path within a volume.
type: object
required:
- key
- path
properties:
key:
description: The key to project.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file. Must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
The relative path of the file to map the
key to. May not be an absolute path. May
not contain the path element '..'. May
not start with the string '..'.
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
optional:
description: >-
Specify whether the ConfigMap or its keys must
be defined
type: boolean
nfs:
description: >-
NFS represents an NFS mount on the host that
shares a pod's lifetime More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: object
required:
- path
- server
properties:
path:
description: >-
Path that is exported by the NFS server. More
info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: string
readOnly:
description: >-
ReadOnly here will force the NFS export to be
mounted with read-only permissions. Defaults
to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: boolean
server:
description: >-
Server is the hostname or IP address of the
NFS server. More info:
https://kubernetes.io/docs/concepts/storage/volumes#nfs
type: string
downwardAPI:
description: >-
DownwardAPI represents downward API about the pod
that should populate this volume
type: object
properties:
defaultMode:
description: >-
Optional: mode bits to use on created files by
default. Must be a Optional: mode bits used to
set permissions on created files by default.
Must be an octal value between 0000 and 0777
or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON
requires decimal values for mode bits.
Defaults to 0644. Directories within the path
are not affected by this setting. This might
be in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.
type: integer
format: int32
items:
description: Items is a list of downward API volume file
type: array
items:
description: >-
DownwardAPIVolumeFile represents information
to create the file containing the pod field
type: object
required:
- path
properties:
fieldRef:
description: >-
Required: Selects a field of the pod:
only annotations, labels, name and
namespace are supported.
type: object
required:
- fieldPath
properties:
apiVersion:
description: >-
Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: >-
Path of the field to select in the
specified API version.
type: string
mode:
description: >-
Optional: mode bits used to set
permissions on this file, must be an
octal value between 0000 and 0777 or a
decimal value between 0 and 511. YAML
accepts both octal and decimal values,
JSON requires decimal values for mode
bits. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that
affect the file mode, like fsGroup, and
the result can be other mode bits set.
type: integer
format: int32
path:
description: >-
Required: Path is the relative path
name of the file to be created. Must not
be absolute or contain the '..' path.
Must be utf-8 encoded. The first item of
the relative path must not start with
'..'
type: string
resourceFieldRef:
description: >-
Selects a resource of the container:
only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently
supported.
type: object
required:
- resource
properties:
containerName:
description: >-
Container name: required for volumes,
optional for env vars
type: string
divisor:
description: >-
Specifies the output format of the
exposed resources, defaults to "1"
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
gcePersistentDisk:
description: >-
GCEPersistentDisk represents a GCE Disk resource
that is attached to a kubelet's host machine and
then exposed to the pod. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: object
required:
- pdName
properties:
fsType:
description: >-
Filesystem type of the volume that you want to
mount. Tip: Ensure that the filesystem type is
supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly
inferred to be "ext4" if unspecified. More
info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the
filesystem from compromising the machine
type: string
partition:
description: >-
The partition in the volume that you want to
mount. If omitted, the default is to mount by
volume name. Examples: For volume /dev/sda1,
you specify the partition as "1". Similarly,
the volume partition for /dev/sda is "0" (or
you can leave the property empty). More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: integer
format: int32
pdName:
description: >-
Unique name of the PD resource in GCE. Used to
identify the disk in GCE. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: string
readOnly:
description: >-
ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info:
https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
type: boolean
fc:
description: >-
FC represents a Fibre Channel resource that is
attached to a kubelet's host machine and then
exposed to the pod.
type: object
properties:
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified. TODO: how do we
prevent errors in the filesystem from
compromising the machine
type: string
lun:
description: 'Optional: FC target lun number'
type: integer
format: int32
readOnly:
description: >-
Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting
in VolumeMounts.
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names (WWNs)'
type: array
items:
type: string
wwids:
description: >-
Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of
targetWWNs and lun must be set, but not both
simultaneously.
type: array
items:
type: string
vsphereVolume:
description: >-
VsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
type: object
required:
- volumePath
properties:
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified.
type: string
storagePolicyID:
description: >-
Storage Policy Based Management (SPBM) profile
ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: >-
Storage Policy Based Management (SPBM) profile
name.
type: string
volumePath:
description: Path that identifies vSphere volume vmdk
type: string
ephemeral:
description: >-
Ephemeral represents a volume that is handled by a
cluster storage driver. The volume's lifecycle is
tied to the pod that defines it - it will be
created before the pod starts, and deleted when
the pod is removed.
Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim).
Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.
A pod can use both types of ephemeral volumes and persistent volumes at the same time.
This is a beta feature and only available when the GenericEphemeralVolume feature gate is enabled.
type: object
properties:
volumeClaimTemplate:
description: >-
Will be used to create a stand-alone PVC to
provision the volume. The pod in which this
EphemeralVolumeSource is embedded will be the
owner of the PVC, i.e. the PVC will be deleted
together with the pod. The name of the PVC
will be `<pod name>-<volume name>` where
`<volume name>` is the name from the
`PodSpec.Volumes` array entry. Pod validation
will reject the pod if the concatenated name
is not valid for a PVC (for example, too
long).
An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.
This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.
Required, must not be nil.
type: object
required:
- spec
properties:
metadata:
description: >-
May contain labels and annotations that
will be copied into the PVC when creating
it. No other fields are allowed and will
be rejected during validation.
type: object
spec:
description: >-
The specification for the
PersistentVolumeClaim. The entire content
is copied unchanged into the PVC that gets
created from this template. The same
fields as in a PersistentVolumeClaim are
also valid here.
type: object
properties:
accessModes:
description: >-
AccessModes contains the desired access
modes the volume should have. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
type: array
items:
type: string
dataSource:
description: >-
This field can be used to specify
either: * An existing VolumeSnapshot
object
(snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC
(PersistentVolumeClaim) If the
provisioner or an external controller
can support the specified data source,
it will create a new volume based on the
contents of the specified data source.
If the AnyVolumeDataSource feature gate
is enabled, this field will always have
the same contents as the DataSourceRef
field.
type: object
required:
- kind
- name
properties:
apiGroup:
description: >-
APIGroup is the group for the resource
being referenced. If APIGroup is not
specified, the specified Kind must be in
the core API group. For any other
third-party types, APIGroup is required.
type: string
kind:
description: >-
Kind is the type of resource being
referenced
type: string
name:
description: >-
Name is the name of resource being
referenced
type: string
dataSourceRef:
description: >-
Specifies the object from which to
populate the volume with data, if a
non-empty volume is desired. This may be
any local object from a non-empty API
group (non core object) or a
PersistentVolumeClaim object. When this
field is specified, volume binding will
only succeed if the type of the
specified object matches some installed
volume populator or dynamic provisioner.
This field will replace the
functionality of the DataSource field
and as such if both fields are
non-empty, they must have the same
value. For backwards compatibility, both
fields (DataSource and DataSourceRef)
will be set to the same value
automatically if one of them is empty
and the other is non-empty. There are
two important differences between
DataSource and DataSourceRef: * While
DataSource only allows two specific
types of objects, DataSourceRef allows
any non-core object, as well as
PersistentVolumeClaim objects. * While
DataSource ignores disallowed values
(dropping them), DataSourceRef
preserves all values, and generates an
error if a disallowed value is
specified. (Alpha) Using this field
requires the AnyVolumeDataSource feature
gate to be enabled.
type: object
required:
- kind
- name
properties:
apiGroup:
description: >-
APIGroup is the group for the resource
being referenced. If APIGroup is not
specified, the specified Kind must be in
the core API group. For any other
third-party types, APIGroup is required.
type: string
kind:
description: >-
Kind is the type of resource being
referenced
type: string
name:
description: >-
Name is the name of resource being
referenced
type: string
resources:
description: >-
Resources represents the minimum
resources the volume should have. More
info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
type: object
properties:
limits:
description: >-
Limits describes the maximum amount of
compute resources allowed. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: >-
Requests describes the minimum amount of
compute resources required. If Requests
is omitted for a container, it defaults
to Limits if that is explicitly
specified, otherwise to an
implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
additionalProperties:
pattern: >-
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
selector:
description: >-
A label query over volumes to consider
for binding.
type: object
properties:
matchExpressions:
description: >-
matchExpressions is a list of label
selector requirements. The requirements
are ANDed.
type: array
items:
description: >-
A label selector requirement is a
selector that contains values, a key,
and an operator that relates the key and
values.
type: object
required:
- key
- operator
properties:
key:
description: >-
key is the label key that the selector
applies to.
type: string
operator:
description: >-
operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: >-
values is an array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values
array must be empty. This array is
replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: >-
matchLabels is a map of {key,value}
pairs. A single {key,value} in the
matchLabels map is equivalent to an
element of matchExpressions, whose key
field is "key", the operator is "In",
and the values array contains only
"value". The requirements are ANDed.
type: object
additionalProperties:
type: string
storageClassName:
description: >-
Name of the StorageClass required by the
claim. More info:
https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
type: string
volumeMode:
description: >-
volumeMode defines what type of volume
is required by the claim. Value of
Filesystem is implied when not included
in claim spec.
type: string
volumeName:
description: >-
VolumeName is the binding reference to
the PersistentVolume backing this claim.
type: string
flocker:
description: >-
Flocker represents a Flocker volume attached to a
kubelet's host machine. This depends on the
Flocker control service being running
type: object
properties:
datasetName:
description: >-
Name of the dataset stored as metadata -> name
on the dataset for Flocker should be
considered as deprecated
type: string
datasetUUID:
description: >-
UUID of the dataset. This is unique identifier
of a Flocker dataset
type: string
storageos:
description: >-
StorageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
type: object
properties:
fsType:
description: >-
Filesystem type to mount. Must be a filesystem
type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred
to be "ext4" if unspecified.
type: string
readOnly:
description: >-
Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in
VolumeMounts.
type: boolean
secretRef:
description: >-
SecretRef specifies the secret to use for
obtaining the StorageOS API credentials. If
not specified, default values will be
attempted.
type: object
properties:
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?
type: string
volumeName:
description: >-
VolumeName is the human-readable name of the
StorageOS volume. Volume names are only
unique within a namespace.
type: string
volumeNamespace:
description: >-
VolumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is
specified then the Pod's namespace will be
used. This allows the Kubernetes name scoping
to be mirrored within StorageOS for tighter
integration. Set VolumeName to any name to
override the default behaviour. Set to
"default" if you are not using namespaces
within StorageOS. Namespaces that do not
pre-exist within StorageOS will be created.
type: string
installPlanApproval:
description: >-
Approval is the user approval policy for an InstallPlan. It
must be one of "Automatic" or "Manual".
type: string
name:
type: string
source:
type: string
sourceNamespace:
type: string
startingCSV:
type: string
status:
type: object
required:
- lastUpdated
properties:
reason:
description: >-
Reason is the reason the Subscription was transitioned to
its current state.
type: string
installplan:
description: >-
Install is a reference to the latest InstallPlan generated
for the Subscription. DEPRECATED: InstallPlanRef
type: object
required:
- apiVersion
- kind
- name
- uuid
properties:
apiVersion:
type: string
kind:
type: string
name:
type: string
uuid:
description: >-
UID is a type that holds unique ID values, including
UUIDs. Because we don't ONLY use UUIDs, this is an
alias to string. Being a type captures intent and helps
make sure that UIDs and names do not get conflated.
type: string
lastUpdated:
description: >-
LastUpdated represents the last time that the Subscription
status was updated.
type: string
format: date-time
installedCSV:
description: >-
InstalledCSV is the CSV currently installed by the
Subscription.
type: string
currentCSV:
description: CurrentCSV is the CSV the Subscription is progressing to.
type: string
installPlanRef:
description: >-
InstallPlanRef is a reference to the latest InstallPlan that
contains the Subscription's current CSV.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: >-
If referring to a piece of an object instead of an
entire object, this string should contain a valid
JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example, if the
object reference is to a container within a pod, this
would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that
triggered the event) or if no container name is
specified "spec.containers[2]" (container with index 2
in this pod). This syntax is chosen only to have some
well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject
to change in the future.
type: string
kind:
description: >-
Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: >-
Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: >-
Specific resourceVersion to which this reference is
made, if any. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: >-
UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
state:
description: State represents the current state of the Subscription
type: string
catalogHealth:
description: >-
CatalogHealth contains the Subscription's view of its
relevant CatalogSources' status. It is used to determine
SubscriptionStatusConditions related to CatalogSources.
type: array
items:
description: >-
SubscriptionCatalogHealth describes the health of a
CatalogSource the Subscription knows about.
type: object
required:
- catalogSourceRef
- healthy
- lastUpdated
properties:
catalogSourceRef:
description: CatalogSourceRef is a reference to a CatalogSource.
type: object
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: >-
If referring to a piece of an object instead of an
entire object, this string should contain a valid
JSON/Go field access statement, such as
desiredState.manifest.containers[2]. For example,
if the object reference is to a container within a
pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to
the name of the container that triggered the
event) or if no container name is specified
"spec.containers[2]" (container with index 2 in
this pod). This syntax is chosen only to have some
well-defined way of referencing a part of an
object. TODO: this design is not final and this
field is subject to change in the future.
type: string
kind:
description: >-
Kind of the referent. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: >-
Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: >-
Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: >-
Specific resourceVersion to which this reference
is made, if any. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: >-
UID of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
healthy:
description: >-
Healthy is true if the CatalogSource is healthy; false
otherwise.
type: boolean
lastUpdated:
description: >-
LastUpdated represents the last time that the
CatalogSourceHealth changed
type: string
format: date-time
conditions:
description: >-
Conditions is a list of the latest available observations
about a Subscription's current state.
type: array
items:
description: >-
SubscriptionCondition represents the latest available
observations of a Subscription's state.
type: object
required:
- status
- type
properties:
lastHeartbeatTime:
description: >-
LastHeartbeatTime is the last time we got an update on
a given condition
type: string
format: date-time
lastTransitionTime:
description: >-
LastTransitionTime is the last time the condition
transit from one status to another
type: string
format: date-time
message:
description: >-
Message is a human-readable message indicating details
about last transition.
type: string
reason:
description: >-
Reason is a one-word CamelCase reason for the
condition's last transition.
type: string
status:
description: >-
Status is the status of the condition, one of True,
False, Unknown.
type: string
type:
description: Type is the type of Subscription condition.
type: string
installPlanGeneration:
description: >-
InstallPlanGeneration is the current generation of the
installplan
type: integer
subresources:
status: {}
additionalPrinterColumns:
- name: Package
type: string
description: The package subscribed to
jsonPath: .spec.name
- name: Source
type: string
description: The catalog source for the specified package
jsonPath: .spec.source
- name: Channel
type: string
description: The channel of updates to subscribe to
jsonPath: .spec.channel
conversion:
strategy: None
status:
conditions:
- type: NamesAccepted
status: 'True'
lastTransitionTime: '2022-02-21T16:26:32Z'
reason: NoConflicts
message: no conflicts found
- type: Established
status: 'True'
lastTransitionTime: '2022-02-21T16:26:32Z'
reason: InitialNamesAccepted
message: the initial names have been accepted
acceptedNames:
plural: subscriptions
singular: subscription
shortNames:
- sub
- subs
kind: Subscription
listKind: SubscriptionList
categories:
- olm
storedVersions:
- v1alpha1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment