From 14a50da92df887ce78b4b7a3be3991aabcebedab Mon Sep 17 00:00:00 2001 From: wuhuizuo Date: Fri, 16 Dec 2022 14:40:23 +0800 Subject: [PATCH] feat(apps/staging/prow): bump prow components to v20221216-06fc803e5c (#333) * refactor(charts/prow): split crd chart and migrate dependency from sub-dic to repo * chore(charts/prow): bump app version * ci: trigger chart release only when Chart.yaml file changed * feat(apps/staging/prow): bump prow components to v20221216-06fc803e5c --- .github/workflows/charts_release.yaml | 2 +- apps/_base/kustomization.yaml | 4 + apps/_base/sources/helm-repo-ee-ops.yaml | 9 + apps/_base/sources/kustomization.yaml | 4 + apps/prod/kustomization.yaml | 1 + apps/staging/kustomization.yaml | 1 + apps/staging/prow/release/release.yaml | 53 +- charts/prow/Chart.yaml | 5 +- charts/prow/charts/prow-crd/.helmignore | 23 - charts/prow/charts/prow-crd/Chart.yaml | 26 - .../charts/prow-crd/templates/_helpers.tpl | 14 - .../prow-crd/templates/prowjob-crd.yaml | 23259 ---------------- charts/prow/charts/prow-crd/values.yaml | 1 - 13 files changed, 28 insertions(+), 23374 deletions(-) create mode 100644 apps/_base/kustomization.yaml create mode 100644 apps/_base/sources/helm-repo-ee-ops.yaml create mode 100644 apps/_base/sources/kustomization.yaml delete mode 100644 charts/prow/charts/prow-crd/.helmignore delete mode 100644 charts/prow/charts/prow-crd/Chart.yaml delete mode 100644 charts/prow/charts/prow-crd/templates/_helpers.tpl delete mode 100644 charts/prow/charts/prow-crd/templates/prowjob-crd.yaml delete mode 100644 charts/prow/charts/prow-crd/values.yaml diff --git a/.github/workflows/charts_release.yaml b/.github/workflows/charts_release.yaml index 74b20909f..c2e018310 100644 --- a/.github/workflows/charts_release.yaml +++ b/.github/workflows/charts_release.yaml @@ -5,7 +5,7 @@ on: branches: - main paths: - - "charts/**" + - "charts/*/Chart.yaml" jobs: release: diff --git a/apps/_base/kustomization.yaml b/apps/_base/kustomization.yaml new file mode 100644 index 000000000..9f2dbb5f4 --- /dev/null +++ b/apps/_base/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - sources diff --git a/apps/_base/sources/helm-repo-ee-ops.yaml b/apps/_base/sources/helm-repo-ee-ops.yaml new file mode 100644 index 000000000..e187045a1 --- /dev/null +++ b/apps/_base/sources/helm-repo-ee-ops.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: ee-ops + namespace: flux-system +spec: + interval: 30m + url: https://pingcap-qe.github.io/ee-ops diff --git a/apps/_base/sources/kustomization.yaml b/apps/_base/sources/kustomization.yaml new file mode 100644 index 000000000..96b55d619 --- /dev/null +++ b/apps/_base/sources/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-repo-ee-ops.yaml diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml index bedb37388..5e9e92102 100644 --- a/apps/prod/kustomization.yaml +++ b/apps/prod/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ../_base - namespace.yaml - jenkins - mongodb diff --git a/apps/staging/kustomization.yaml b/apps/staging/kustomization.yaml index 2b29a5062..529fababf 100644 --- a/apps/staging/kustomization.yaml +++ b/apps/staging/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ../_base - namespace.yaml - jenkins - tekton diff --git a/apps/staging/prow/release/release.yaml b/apps/staging/prow/release/release.yaml index 835ad4591..83ccb504e 100644 --- a/apps/staging/prow/release/release.yaml +++ b/apps/staging/prow/release/release.yaml @@ -10,10 +10,11 @@ spec: targetNamespace: apps chart: spec: - chart: ./charts/prow + chart: prow + version: 0.3.0 sourceRef: - kind: GitRepository - name: flux-system + kind: HelmRepository + name: ee-ops namespace: flux-system interval: 5m timeout: 5m @@ -57,52 +58,8 @@ spec: prow: podsNamespace: ${TEST_PODS_NAMESPACE} # should delete old prow-pcm pods when changed. githubOrg: PingCAP-QE - pcm: - image: - repository: hub.pingcap.net/ee/prow-controller-manager - tag: v20221108-93ba3423d9 - deck: - image: - repository: hub.pingcap.net/ee/deck - tag: v20221108-93ba3423d9 - crier: - image: - repository: hub.pingcap.net/ee/crier - tag: v20221108-93ba3423d9 - - ghproxy: - image: - repository: hub.pingcap.net/ee/ghproxy - tag: v20221108-93ba3423d9 - hook: - image: - repository: hub.pingcap.net/ee/hook - tag: v20221108-93ba3423d9 - horologium: - image: - repository: hub.pingcap.net/ee/horologium - tag: v20221108-93ba3423d9 - sinker: - image: - repository: hub.pingcap.net/ee/sinker - tag: v20221108-93ba3423d9 - statusReconciler: - image: - repository: hub.pingcap.net/ee/status-reconciler - tag: v20221108-93ba3423d9 - tide: - image: - repository: hub.pingcap.net/ee/tide - tag: v20221108-93ba3423d9 - pipeline: - image: - repository: hub.pingcap.net/ee/pipeline - tag: v20221108-93ba3423d9 jenkinsOperator: enabled: true - image: - repository: hub.pingcap.net/ee/jenkins-operator - tag: v20221108-7045713ae7 dryRun: false jenkinsUrl: http://jenkins:8080/jenkins/ auth: @@ -145,4 +102,4 @@ spec: # TODO(wuhuizuo): how to merge the inner yaml from value content. - op: replace path: /metadata/annotations.kustomize.toolkit.fluxcd.io/ssa - value: merge \ No newline at end of file + value: merge diff --git a/charts/prow/Chart.yaml b/charts/prow/Chart.yaml index cda7a3a49..9e6cfa457 100644 --- a/charts/prow/Chart.yaml +++ b/charts/prow/Chart.yaml @@ -21,7 +21,7 @@ type: application # time you make changes to the chart and its templates, # including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "0.2.0" +version: "0.3.0" # This is the version number of the application being deployed. # This version number should be incremented each time you make changes to the @@ -29,10 +29,11 @@ version: "0.2.0" # They should reflect the version the application is using. # It is recommended to use it with quotes. # renovate: datasource=docker registryUrl=gcr.io depName=k8s-prow/tide -appVersion: v20220504-0b3a7e15f4 +appVersion: v20221216-06fc803e5c dependencies: - name: prow-crd + repository: https://pingcap-qe.github.io/ee-ops version: "0.1.0" - name: minio repository: https://charts.bitnami.com/bitnami diff --git a/charts/prow/charts/prow-crd/.helmignore b/charts/prow/charts/prow-crd/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/prow/charts/prow-crd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/prow/charts/prow-crd/Chart.yaml b/charts/prow/charts/prow-crd/Chart.yaml deleted file mode 100644 index 538de6445..000000000 --- a/charts/prow/charts/prow-crd/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v2 -name: prow-crd -description: Prow custom resource definations. -maintainers: - - name: wuhuizuo - email: wuhuizuo@126.com -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: v0.6.3-0.20210827222652-7b3a8699fa04 diff --git a/charts/prow/charts/prow-crd/templates/_helpers.tpl b/charts/prow/charts/prow-crd/templates/_helpers.tpl deleted file mode 100644 index fa5165965..000000000 --- a/charts/prow/charts/prow-crd/templates/_helpers.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prow-crd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "prow-crd.labels" -}} -helm.sh/chart: {{ include "prow-crd.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} \ No newline at end of file diff --git a/charts/prow/charts/prow-crd/templates/prowjob-crd.yaml b/charts/prow/charts/prow-crd/templates/prowjob-crd.yaml deleted file mode 100644 index d7ad8408b..000000000 --- a/charts/prow/charts/prow-crd/templates/prowjob-crd.yaml +++ /dev/null @@ -1,23259 +0,0 @@ -# from https://raw.githubusercontent.com/kubernetes/test-infra/master/config/prow/cluster/prowjob-crd/prowjob_customresourcedefinition.yaml ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: prowjobs.prow.k8s.io - labels: {{- include "prow-crd.labels" . | nindent 4 }} - annotations: - meta.helm.sh/release-name: {{ .Release.Name }} - meta.helm.sh/release-namespace: {{ .Release.Namespace }} - api-approved.kubernetes.io: https://github.com/kubernetes/test-infra/pull/8669 - controller-gen.kubebuilder.io/version: v0.6.3-0.20210827222652-7b3a8699fa04 -spec: - preserveUnknownFields: false - group: prow.k8s.io - names: - kind: ProwJob - listKind: ProwJobList - plural: prowjobs - singular: prowjob - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the job being run - jsonPath: .spec.job - name: Job - type: string - - description: The ID of the job being run. - jsonPath: .status.build_id - name: BuildId - type: string - - description: The type of job being run. - jsonPath: .spec.type - name: Type - type: string - - description: The org for which the job is running. - jsonPath: .spec.refs.org - name: Org - type: string - - description: The repo for which the job is running. - jsonPath: .spec.refs.repo - name: Repo - type: string - - description: The pulls for which the job is running. - jsonPath: .spec.refs.pulls[*].number - name: Pulls - type: string - - description: When the job started running. - jsonPath: .status.startTime - name: StartTime - type: date - - description: When the job finished running. - jsonPath: .status.completionTime - name: CompletionTime - type: date - - description: The state of the job. - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ProwJob contains the spec as well as runtime metadata. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - "ProwJobSpec configures the details of the prow job. \n Details - include the podspec, code to clone, the cluster it runs any child jobs, - concurrency limitations, etc." - properties: - agent: - description: - Agent determines which controller fulfills this specific - ProwJobSpec and runs the job - type: string - cluster: - description: - Cluster is which Kubernetes cluster is used to run the - job, only applicable for that specific agent - type: string - context: - description: - Context is the name of the status context used to report - back to GitHub - type: string - decoration_config: - description: - DecorationConfig holds configuration options for decorating - PodSpecs that users provide - properties: - censor_secrets: - description: CensorSecrets enables censoring output logs and artifacts. - type: boolean - censoring_options: - description: - CensoringOptions exposes options for censoring output - logs and artifacts. - properties: - censoring_buffer_size: - description: - CensoringBufferSize is the size in bytes of the - buffer allocated for every file being censored. We want - to keep as little of the file in memory as possible in order - for censoring to be reasonably performant in space. However, - to guarantee that we censor every instance of every secret, - our buffer size must be at least two times larger than the - largest secret we are about to censor. While that size is - the smallest possible buffer we could use, if the secrets - being censored are small, censoring will not be performant - as the number of I/O actions per file would increase. If - unset, defaults to 10MiB. - type: integer - censoring_concurrency: - description: - CensoringConcurrency is the maximum number of - goroutines that should be censoring artifacts and logs at - any time. If unset, defaults to 10. - format: int64 - type: integer - exclude_directories: - description: - ExcludeDirectories are directories which should - not have their content censored. If present, content in - these directories will not be censored even if the directory - also matches a glob in IncludeDirectories. Entries in this - list are relative to $ARTIFACTS, and are parsed with the - go-zglob library, allowing for globbed matches. - items: - type: string - type: array - include_directories: - description: - IncludeDirectories are directories which should - have their content censored. If present, only content in - these directories will be censored. Entries in this list - are relative to $ARTIFACTS and are parsed with the go-zglob - library, allowing for globbed matches. - items: - type: string - type: array - type: object - cookiefile_secret: - description: - CookieFileSecret is the name of a kubernetes secret - that contains a git http.cookiefile, which should be used during - the cloning process. - type: string - default_service_account_name: - description: - DefaultServiceAccountName is the name of the Kubernetes - service account that should be used by the pod if one is not - specified in the podspec. - type: string - gcs_configuration: - description: - GCSConfiguration holds options for pushing logs and - artifacts to GCS from a job. - properties: - bucket: - description: - "Bucket is the bucket to upload to, it can be: - * a GCS bucket: with gs:// prefix * a S3 bucket: with s3:// - prefix * a GCS bucket: without a prefix (deprecated, it's - discouraged to use Bucket without prefix please add the - gs:// prefix)" - type: string - default_org: - description: - DefaultOrg is omitted from GCS paths when using - the legacy or simple strategy - type: string - default_repo: - description: - DefaultRepo is omitted from GCS paths when using - the legacy or simple strategy - type: string - job_url_prefix: - description: - JobURLPrefix holds the baseURL under which the - jobs output can be viewed. If unset, this will be derived - based on org/repo from the job_url_prefix_config. - type: string - local_output_dir: - description: - LocalOutputDir specifies a directory where files - should be copied INSTEAD of uploading to blob storage. This - option is useful for testing jobs that use the pod-utilities - without actually uploading. - type: string - mediaTypes: - additionalProperties: - type: string - description: - 'MediaTypes holds additional extension media - types to add to Go''s builtin''s and the local system''s - defaults. This maps extensions to media types, for example: - MediaTypes["log"] = "text/plain"' - type: object - path_prefix: - description: - PathPrefix is an optional path that follows the - bucket name and comes before any structure - type: string - path_strategy: - description: - PathStrategy dictates how the org and repo are - used when calculating the full path to an artifact in GCS - type: string - type: object - gcs_credentials_secret: - description: - GCSCredentialsSecret is the name of the Kubernetes - secret that holds GCS push credentials. - type: string - github_api_endpoints: - description: GitHubAPIEndpoints are the endpoints of GitHub APIs. - items: - type: string - type: array - github_app_id: - description: - GitHubAppID is the ID of GitHub App, which is going - to be used for fetching a private repository. - type: string - github_app_private_key_secret: - description: - GitHubAppPrivateKeySecret is a Kubernetes secret - that contains the GitHub App private key, which is going to - be used for fetching a private repository. - properties: - key: - description: - Key is the key of the corresponding kubernetes - secret that holds the value of the GitHub App private key. - type: string - name: - description: Name is the name of a kubernetes secret. - type: string - type: object - grace_period: - description: - GracePeriod is how long the pod utilities will wait - after sending SIGINT to send SIGKILL when aborting a job. Only - applicable if decorating the PodSpec. - type: string - oauth_token_secret: - description: - OauthTokenSecret is a Kubernetes secret that contains - the OAuth token, which is going to be used for fetching a private - repository. - properties: - key: - description: - Key is the key of the corresponding kubernetes - secret that holds the value of the OAuth token. - type: string - name: - description: Name is the name of a kubernetes secret. - type: string - type: object - resources: - description: - Resources holds resource requests and limits for - utility containers used to decorate a PodSpec. - properties: - clonerefs: - description: - ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - initupload: - description: - ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - place_entrypoint: - description: - ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - sidecar: - description: - ResourceRequirements describes the compute resource - requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - type: object - s3_credentials_secret: - description: - S3CredentialsSecret is the name of the Kubernetes - secret that holds blob storage push credentials. - type: string - skip_cloning: - description: - SkipCloning determines if we should clone source - code in the initcontainers for jobs that specify refs - type: boolean - ssh_host_fingerprints: - description: - SSHHostFingerprints are the fingerprints of known - SSH hosts that the cloning process can trust. Create with ssh-keyscan - [-t rsa] host - items: - type: string - type: array - ssh_key_secrets: - description: - SSHKeySecrets are the names of Kubernetes secrets - that contain SSK keys which should be used during the cloning - process. - items: - type: string - type: array - timeout: - description: - Timeout is how long the pod utilities will wait before - aborting a job with SIGINT. - type: string - upload_ignores_interrupts: - description: - UploadIgnoresInterrupts causes sidecar to ignore - interrupts for the upload process in hope that the test process - exits cleanly before starting an upload. - type: boolean - utility_images: - description: - UtilityImages holds pull specs for utility container - images used to decorate a PodSpec. - properties: - clonerefs: - description: - CloneRefs is the pull spec used for the clonerefs - utility - type: string - entrypoint: - description: - Entrypoint is the pull spec used for the entrypoint - utility - type: string - initupload: - description: - InitUpload is the pull spec used for the initupload - utility - type: string - sidecar: - description: - sidecar is the pull spec used for the sidecar - utility - type: string - type: object - type: object - error_on_eviction: - description: - ErrorOnEviction indicates that the ProwJob should be - completed and given the ErrorState status if the pod that is executing - the job is evicted. If this field is unspecified or false, a new - pod will be created to replace the evicted one. - type: boolean - extra_refs: - description: - ExtraRefs are auxiliary repositories that need to be - cloned, determined from config - items: - description: Refs describes how the repo was constructed. - properties: - base_link: - description: - BaseLink is a link to the commit identified by - BaseSHA. - type: string - base_ref: - type: string - base_sha: - type: string - clone_depth: - description: - CloneDepth is the depth of the clone that will - be used. A depth of zero will do a full clone. - type: integer - clone_uri: - description: - CloneURI is the URI that is used to clone the repository. - If unset, will default to `https://github.com/org/repo.git`. - type: string - org: - description: Org is something like kubernetes or k8s.io - type: string - path_alias: - description: - PathAlias is the location under /src - where this repository is cloned. If this is not set, /src/github.com/org/repo - will be used as the default. - type: string - pulls: - items: - description: - Pull describes a pull request at a particular - point in time. - properties: - author: - type: string - author_link: - description: - AuthorLink links to the author of the pull - request. - type: string - commit_link: - description: - CommitLink links to the commit identified - by the SHA. - type: string - link: - description: Link links to the pull request itself. - type: string - number: - type: integer - ref: - description: - "Ref is git ref can be checked out for a - change for example, github: pull/123/head gerrit: refs/changes/00/123/1" - type: string - sha: - type: string - title: - type: string - required: - - author - - number - - sha - type: object - type: array - repo: - description: Repo is something like test-infra - type: string - repo_link: - description: RepoLink links to the source for Repo. - type: string - skip_fetch_head: - description: - SkipFetchHead tells prow to avoid a git fetch - call. Multiheaded repos may need to not make this call. The - git fetch call occurs regardless. - type: boolean - skip_submodules: - description: - SkipSubmodules determines if submodules should - be cloned when the job is run. Defaults to false. - type: boolean - workdir: - description: - WorkDir defines if the location of the cloned repository - will be used as the default working directory. - type: boolean - required: - - org - - repo - type: object - type: array - hidden: - description: - Hidden specifies if the Job is considered hidden. Hidden - jobs are only shown by deck instances that have the `--hiddenOnly=true` - or `--show-hidden=true` flag set. Presubmits and Postsubmits can - also be set to hidden by adding their repository in Decks `hidden_repo` - setting. - type: boolean - jenkins_spec: - description: JenkinsSpec holds configuration specific to Jenkins jobs - properties: - github_branch_source_job: - type: boolean - type: object - job: - description: Job is the name of the job - type: string - job_queue_name: - description: - JobQueueName is an optional field with name of a queue - defining max concurrency. When several jobs from the same queue - try to run at the same time, the number of them that is actually - started is limited by JobQueueConcurrencies (part of Plank's config). - If this field is left undefined inifinite concurrency is assumed. - This behaviour may be superseded by MaxConcurrency field, if it - is set to a constraining value. - type: string - max_concurrency: - description: - MaxConcurrency restricts the total number of instances - of this job that can run in parallel at once. This is a separate - mechanism to JobQueueName and the lowest max concurrency is selected - from these two. - minimum: 0 - type: integer - namespace: - description: Namespace defines where to create pods/resources. - type: string - pipeline_run_spec: - description: - PipelineRunSpec provides the basis for running the test - as a pipeline-crd resource https://github.com/tektoncd/pipeline - properties: - params: - description: Params is a list of parameter names and values. - items: - description: - Param declares an ArrayOrString to use for the - parameter called name. - properties: - name: - type: string - value: - description: - ArrayOrString is a type that can hold a single - string or string array. Used in JSON unmarshalling so - that a single JSON field can accept either an individual - string or an array of strings. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the type of an input - parameter; Used to distinguish between a single string - and an array of strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - required: - - name - - value - type: object - type: array - pipelineRef: - description: - "PipelineRef can be used to refer to a specific instance - of a Pipeline. Copied from CrossVersionObjectReference: https://github.com/kubernetes/kubernetes/blob/169df7434155cbbc22f1532cba8e0a9588e29ad8/pkg/apis/autoscaling/types.go#L64" - properties: - apiVersion: - description: API version of the referent - type: string - name: - description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - pipelineSpec: - description: PipelineSpec defines the desired state of Pipeline. - properties: - description: - description: - Description is a user-facing description of the - pipeline that may be used to populate a UI. - type: string - params: - description: - Params declares a list of input parameters that - must be supplied when this Pipeline is run. - items: - description: - ParamSpec defines arbitrary parameters needed - beyond typed inputs (such as resources). Parameter values - are provided by users as inputs on a TaskRun or PipelineRun. - properties: - default: - description: - Default is the value a parameter takes - if no input value is supplied. If default is set, - a Task may be executed without a supplied value for - the parameter. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the type of an - input parameter; Used to distinguish between a - single string and an array of strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - description: - description: - Description is a user-facing description - of the parameter that may be used to populate a UI. - type: string - name: - description: - Name declares the name by which a parameter - is referenced. - type: string - type: - description: - Type is the user-specified type of the - parameter. The possible types are currently "string" - and "array", and "string" is the default. - type: string - required: - - name - type: object - type: array - resources: - description: - Resources declares the names and types of the - resources given to the Pipeline's tasks as inputs and outputs. - items: - description: - PipelineDeclaredResource is used by a Pipeline - to declare the types of the PipelineResources that it - will required to run and names which can be used to refer - to these PipelineResources in PipelineTaskResourceBindings. - properties: - name: - description: - Name is the name that will be used by the - Pipeline to refer to this resource. It does not directly - correspond to the name of any PipelineResources Task - inputs or outputs, and it does not correspond to the - actual names of the PipelineResources that will be - bound in the PipelineRun. - type: string - optional: - description: - "Optional declares the resource as optional. - optional: true - the resource is considered optional - optional: false - the resource is considered required - (default/equivalent of not specifying it)" - type: boolean - type: - description: Type is the type of the PipelineResource. - type: string - required: - - name - - type - type: object - type: array - results: - description: - Results are values that this pipeline can output - once run - items: - description: - PipelineResult used to describe the results - of a pipeline - properties: - description: - description: - Description is a human-readable description - of the result - type: string - name: - description: Name the given name - type: string - value: - description: - Value the expression used to retrieve the - value - type: string - required: - - name - - value - type: object - type: array - tasks: - description: - Tasks declares the graph of Tasks that execute - when this Pipeline is run. - items: - description: - PipelineTask defines a task in a Pipeline, - passing inputs from both Params and from the output of - previous tasks. - properties: - conditions: - description: - Conditions is a list of conditions that - need to be true for the task to run - items: - description: - PipelineTaskCondition allows a PipelineTask - to declare a Condition to be evaluated before the - Task is run. - properties: - conditionRef: - description: - ConditionRef is the name of the Condition - to use for the conditionCheck - type: string - params: - description: - Params declare parameters passed - to this Condition - items: - description: - Param declares an ArrayOrString - to use for the parameter called name. - properties: - name: - type: string - value: - description: - ArrayOrString is a type that - can hold a single string or string array. - Used in JSON unmarshalling so that a single - JSON field can accept either an individual - string or an array of strings. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the - type of an input parameter; Used to - distinguish between a single string - and an array of strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - required: - - name - - value - type: object - type: array - resources: - description: - Resources declare the resources provided - to this Condition as input - items: - description: - PipelineTaskInputResource maps - the name of a declared PipelineResource input - dependency in a Task to the resource in the - Pipeline's DeclaredPipelineResources that - should be used. This input may come from a - previous task. - properties: - from: - description: - From is the list of PipelineTask - names that the resource has to come from. - (Implies an ordering in the execution - graph.) - items: - type: string - type: array - name: - description: - Name is the name of the PipelineResource - as declared by the Task. - type: string - resource: - description: - Resource is the name of the - DeclaredPipelineResource to use. - type: string - required: - - name - - resource - type: object - type: array - required: - - conditionRef - type: object - type: array - name: - description: - Name is the name of this task within the - context of a Pipeline. Name is used as a coordinate - with the `from` and `runAfter` fields to establish - the execution order of tasks relative to one another. - type: string - params: - description: - Parameters declares parameters passed to - this task. - items: - description: - Param declares an ArrayOrString to use - for the parameter called name. - properties: - name: - type: string - value: - description: - ArrayOrString is a type that can - hold a single string or string array. Used in - JSON unmarshalling so that a single JSON field - can accept either an individual string or an - array of strings. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the type - of an input parameter; Used to distinguish - between a single string and an array of - strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - required: - - name - - value - type: object - type: array - resources: - description: - Resources declares the resources given - to this task as inputs and outputs. - properties: - inputs: - description: - Inputs holds the mapping from the PipelineResources - declared in DeclaredPipelineResources to the input - PipelineResources required by the Task. - items: - description: - PipelineTaskInputResource maps the - name of a declared PipelineResource input dependency - in a Task to the resource in the Pipeline's - DeclaredPipelineResources that should be used. - This input may come from a previous task. - properties: - from: - description: - From is the list of PipelineTask - names that the resource has to come from. - (Implies an ordering in the execution graph.) - items: - type: string - type: array - name: - description: - Name is the name of the PipelineResource - as declared by the Task. - type: string - resource: - description: - Resource is the name of the DeclaredPipelineResource - to use. - type: string - required: - - name - - resource - type: object - type: array - outputs: - description: - Outputs holds the mapping from the - PipelineResources declared in DeclaredPipelineResources - to the input PipelineResources required by the - Task. - items: - description: - PipelineTaskOutputResource maps the - name of a declared PipelineResource output dependency - in a Task to the resource in the Pipeline's - DeclaredPipelineResources that should be used. - properties: - name: - description: - Name is the name of the PipelineResource - as declared by the Task. - type: string - resource: - description: - Resource is the name of the DeclaredPipelineResource - to use. - type: string - required: - - name - - resource - type: object - type: array - type: object - retries: - description: - "Retries represents how many times this - task should be retried in case of task failure: ConditionSucceeded - set to False" - type: integer - runAfter: - description: - RunAfter is the list of PipelineTask names - that should be executed before this Task executes. - (Used to force a specific ordering in graph execution.) - items: - type: string - type: array - taskRef: - description: TaskRef is a reference to a task definition. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: - TaskKind indicates the kind of the - task, namespaced or cluster scoped. - type: string - name: - description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - taskSpec: - description: TaskSpec is specification of a task - properties: - description: - description: - Description is a user-facing description - of the task that may be used to populate a UI. - type: string - inputs: - description: - Inputs is an optional set of parameters - and resources which must be supplied by the user - when a Task is executed by a TaskRun. - properties: - params: - description: - Params is a list of input parameters - required to run the task. Params must be supplied - as inputs in TaskRuns unless they declare - a default value. - items: - description: - ParamSpec defines arbitrary parameters - needed beyond typed inputs (such as resources). - Parameter values are provided by users as - inputs on a TaskRun or PipelineRun. - properties: - default: - description: - Default is the value a parameter - takes if no input value is supplied. - If default is set, a Task may be executed - without a supplied value for the parameter. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the - type of an input parameter; Used - to distinguish between a single - string and an array of strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - description: - description: - Description is a user-facing - description of the parameter that may - be used to populate a UI. - type: string - name: - description: - Name declares the name by - which a parameter is referenced. - type: string - type: - description: - Type is the user-specified - type of the parameter. The possible - types are currently "string" and "array", - and "string" is the default. - type: string - required: - - name - type: object - type: array - resources: - description: - Resources is a list of the input - resources required to run the task. Resources - are represented in TaskRuns as bindings to - instances of PipelineResources. - items: - description: - TaskResource defines an input - or output Resource declared as a requirement - by a Task. The Name field will be used to - refer to these Resources within the Task - definition, and when provided as an Input, - the Name will be the path to the volume - mounted containing this Resource as an input - (e.g. an input Resource named `workspace` - will be mounted at `/workspace`). - properties: - description: - description: - Description is a user-facing - description of the declared resource - that may be used to populate a UI. - type: string - name: - description: - Name declares the name by - which a resource is referenced in the - definition. Resources may be referenced - by name in the definition of a Task's - steps. - type: string - optional: - description: - "Optional declares the resource - as optional. By default optional is - set to false which makes a resource - required. optional: true - the resource - is considered optional optional: false - - the resource is considered required - (equivalent of not specifying it)" - type: boolean - targetPath: - description: - TargetPath is the path in - workspace directory where the resource - will be copied. - type: string - type: - description: - Type is the type of this - resource; - type: string - required: - - name - - type - type: object - type: array - type: object - outputs: - description: - Outputs is an optional set of resources - and results produced when this Task is run. - properties: - resources: - items: - description: - TaskResource defines an input - or output Resource declared as a requirement - by a Task. The Name field will be used to - refer to these Resources within the Task - definition, and when provided as an Input, - the Name will be the path to the volume - mounted containing this Resource as an input - (e.g. an input Resource named `workspace` - will be mounted at `/workspace`). - properties: - description: - description: - Description is a user-facing - description of the declared resource - that may be used to populate a UI. - type: string - name: - description: - Name declares the name by - which a resource is referenced in the - definition. Resources may be referenced - by name in the definition of a Task's - steps. - type: string - optional: - description: - "Optional declares the resource - as optional. By default optional is - set to false which makes a resource - required. optional: true - the resource - is considered optional optional: false - - the resource is considered required - (equivalent of not specifying it)" - type: boolean - targetPath: - description: - TargetPath is the path in - workspace directory where the resource - will be copied. - type: string - type: - description: - Type is the type of this - resource; - type: string - required: - - name - - type - type: object - type: array - results: - items: - description: - TestResult allows a task to specify - the location where test logs can be found - and what format they will be in. - properties: - format: - description: - 'TODO: maybe this is an enum - with types like "go test", "junit", - etc.' - type: string - name: - description: - Name declares the name by - which a result is referenced in the - Task's definition. Results may be referenced - by name in the definition of a Task's - steps. - type: string - path: - type: string - required: - - format - - name - - path - type: object - type: array - type: object - params: - description: - Params is a list of input parameters - required to run the task. Params must be supplied - as inputs in TaskRuns unless they declare a default - value. - items: - description: - ParamSpec defines arbitrary parameters - needed beyond typed inputs (such as resources). - Parameter values are provided by users as inputs - on a TaskRun or PipelineRun. - properties: - default: - description: - Default is the value a parameter - takes if no input value is supplied. If - default is set, a Task may be executed without - a supplied value for the parameter. - properties: - arrayVal: - items: - type: string - type: array - stringVal: - type: string - type: - description: - ParamType indicates the type - of an input parameter; Used to distinguish - between a single string and an array - of strings. - type: string - required: - - arrayVal - - stringVal - - type - type: object - description: - description: - Description is a user-facing - description of the parameter that may be - used to populate a UI. - type: string - name: - description: - Name declares the name by which - a parameter is referenced. - type: string - type: - description: - Type is the user-specified type - of the parameter. The possible types are - currently "string" and "array", and "string" - is the default. - type: string - required: - - name - type: object - type: array - resources: - description: - Resources is a list input and output - resource to run the task Resources are represented - in TaskRuns as bindings to instances of PipelineResources. - properties: - inputs: - description: - Inputs holds the mapping from the - PipelineResources declared in DeclaredPipelineResources - to the input PipelineResources required by - the Task. - items: - description: - TaskResource defines an input - or output Resource declared as a requirement - by a Task. The Name field will be used to - refer to these Resources within the Task - definition, and when provided as an Input, - the Name will be the path to the volume - mounted containing this Resource as an input - (e.g. an input Resource named `workspace` - will be mounted at `/workspace`). - properties: - description: - description: - Description is a user-facing - description of the declared resource - that may be used to populate a UI. - type: string - name: - description: - Name declares the name by - which a resource is referenced in the - definition. Resources may be referenced - by name in the definition of a Task's - steps. - type: string - optional: - description: - "Optional declares the resource - as optional. By default optional is - set to false which makes a resource - required. optional: true - the resource - is considered optional optional: false - - the resource is considered required - (equivalent of not specifying it)" - type: boolean - targetPath: - description: - TargetPath is the path in - workspace directory where the resource - will be copied. - type: string - type: - description: - Type is the type of this - resource; - type: string - required: - - name - - type - type: object - type: array - outputs: - description: - Outputs holds the mapping from - the PipelineResources declared in DeclaredPipelineResources - to the input PipelineResources required by - the Task. - items: - description: - TaskResource defines an input - or output Resource declared as a requirement - by a Task. The Name field will be used to - refer to these Resources within the Task - definition, and when provided as an Input, - the Name will be the path to the volume - mounted containing this Resource as an input - (e.g. an input Resource named `workspace` - will be mounted at `/workspace`). - properties: - description: - description: - Description is a user-facing - description of the declared resource - that may be used to populate a UI. - type: string - name: - description: - Name declares the name by - which a resource is referenced in the - definition. Resources may be referenced - by name in the definition of a Task's - steps. - type: string - optional: - description: - "Optional declares the resource - as optional. By default optional is - set to false which makes a resource - required. optional: true - the resource - is considered optional optional: false - - the resource is considered required - (equivalent of not specifying it)" - type: boolean - targetPath: - description: - TargetPath is the path in - workspace directory where the resource - will be copied. - type: string - type: - description: - Type is the type of this - resource; - type: string - required: - - name - - type - type: object - type: array - type: object - results: - description: - Results are values that this Task can - output - items: - description: - TaskResult used to describe the results - of a task - properties: - description: - description: - Description is a human-readable - description of the result - type: string - name: - description: Name the given name - type: string - required: - - name - type: object - type: array - sidecars: - description: - Sidecars are run alongside the Task's - step containers. They begin before the steps start - and end after the steps complete. - items: - description: - Step embeds the Container type, which - allows it to include fields not provided by - Container. - properties: - args: - description: - 'Arguments to the entrypoint. - The docker image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed - within a shell. The docker image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the - input string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables - to set in the container. Cannot be updated. - items: - description: - EnvVar represents an environment - variable present in a Container. - properties: - name: - description: - Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: - Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: - Selects a key of a - ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: - Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: - required for volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a - secret in the pod's namespace - properties: - key: - description: - The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. - items: - description: - EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: - The ConfigMap to select - from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - ConfigMap must be defined - type: boolean - type: object - prefix: - description: - An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: - "Docker image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override - container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always - if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the - http request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: - HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: - The header - field name - type: string - value: - description: - The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod's - termination grace period countdown begins - before the PreStop hooked is executed. - Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod's termination grace - period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the - http request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: - HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: - The header - field name - type: string - value: - description: - The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified - as a DNS_LABEL. Each container in a pod - must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: - List of ports to expose from - the container. Exposing a port here gives - the system additional information about - the network connections a container uses, - but is primarily informational. Not specifying - a port here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from the - network. Cannot be updated. - items: - description: - ContainerPort represents a - network port in a single container. - properties: - containerPort: - description: - Number of port to expose - on the pod's IP address. This must - be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the - external port to. - type: string - hostPort: - description: - Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this - must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: - If specified, this must - be an IANA_SVC_NAME and unique within - the pod. Each named port in a pod - must have a unique name. Name for - the port that can be referred to by - services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must - be UDP, TCP, or SCTP. Defaults to - "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - "Compute Resources required by - this container. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - script: - description: - "Script is the contents of an - executable file to execute. \n If Script - is not empty, the Step cannot have an Command - or Args." - type: string - securityContext: - description: - "SecurityContext defines the - security options the container should be - run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: - Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has - a read-only root filesystem. Default - is false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - properties: - level: - description: - Level is SELinux level - label that applies to the container. - type: string - role: - description: - Role is a SELinux role - label that applies to the container. - type: string - type: - description: - Type is a SELinux type - label that applies to the container. - type: string - user: - description: - User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. - properties: - localhostProfile: - description: - localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". - type: string - type: - description: - "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: - HostProcess determines - if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that - the Pod has successfully initialized. If - specified, no other probes are executed - until this completes successfully. If this - probe fails, the Pod will be restarted, - just as if the livenessProbe failed. This - can be used to provide different probe parameters - at the beginning of a Pod's lifecycle, - when it might take a long time to load data - or warm a cache, than during steady-state - operation. This cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: - Whether the container runtime - should close the stdin channel after it - has been opened by a single attach. When - stdin is true the stdin stream will remain - open across multiple attach sessions. If - stdinOnce is set to true, stdin is opened - on container start, is empty until the first - client attaches to stdin, and then remains - open and accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the - file to which the container's termination - message will be written is mounted into - the container's filesystem. Message written - is intended to be brief final status, such - as an assertion failure message. Will be - truncated by the node if greater than 4096 - bytes. The total message length across all - containers will be limited to 12kb. Defaults - to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination - message should be populated. File will use - the contents of terminationMessagePath to - populate the container status message on - both success and failure. FallbackToLogsOnError - will use the last chunk of container log - output if the termination message file is - empty and the container exited with an error. - The log output is limited to 2048 bytes - or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: - Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of - block devices to be used by the container. - items: - description: - volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: - devicePath is the path - inside of the container that the device - will be mapped to. - type: string - name: - description: - name must match the name - of a persistentVolumeClaim in the - pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the - container's filesystem. Cannot be updated. - items: - description: - VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: - Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines - how mounts are propagated from the - host to container and the other way - around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: - This must match the Name - of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: - Path within the volume - from which the container's volume - should be mounted. Defaults to "" - (volume's root). - type: string - subPathExpr: - description: - Expanded path within the - volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) are - expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - stepTemplate: - description: - StepTemplate can be used as the basis - for all step containers within the Task, so that - the steps inherit settings on the base container. - properties: - args: - description: - 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not - provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed - within a shell. The docker image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the - $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to - set in the container. Cannot be updated. - items: - description: - EnvVar represents an environment - variable present in a Container. - properties: - name: - description: - Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: - Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: - Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: - required for volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a secret - in the pod's namespace - properties: - key: - description: - The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - must be defined - type: boolean - type: object - prefix: - description: - An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret - must be defined - type: boolean - type: object - type: object - type: array - image: - description: - "Docker image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately - after a container is created. If the handler - fails, the container is terminated and - restarted according to its restart policy. - Other management of the container blocks - until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an - action involving a TCP port. TCP hooks - not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately - before a container is terminated due to - an API request or management event such - as liveness/startup probe failure, preemption, - resource contention, etc. The handler - is not called if the container crashes - or exits. The reason for termination is - passed to the handler. The Pod's termination - grace period countdown begins before the - PreStop hooked is executed. Regardless - of the outcome of the handler, the container - will eventually terminate within the Pod's - termination grace period. Other management - of the container blocks until the hook - completes or until the termination grace - period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The command - is simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, you - need to explicitly call out to - that shell. Exit status of 0 is - treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an - action involving a TCP port. TCP hooks - not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 - to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies the - action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to - connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified - as a DNS_LABEL. Each container in a pod must - have a unique name (DNS_LABEL). Cannot be - updated. - type: string - ports: - description: - List of ports to expose from the - container. Exposing a port here gives the - system additional information about the network - connections a container uses, but is primarily - informational. Not specifying a port here - DOES NOT prevent that port from being exposed. - Any port which is listening on the default - "0.0.0.0" address inside a container will - be accessible from the network. Cannot be - updated. - items: - description: - ContainerPort represents a network - port in a single container. - properties: - containerPort: - description: - Number of port to expose - on the pod's IP address. This must be - a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the - external port to. - type: string - hostPort: - description: - Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must - match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: - If specified, this must be - an IANA_SVC_NAME and unique within the - pod. Each named port in a pod must have - a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be - UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container service - readiness. Container will be removed from - service endpoints if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies the - action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to - connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - "Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - securityContext: - description: - "SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: - Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has - a read-only root filesystem. Default is - false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - properties: - level: - description: - Level is SELinux level - label that applies to the container. - type: string - role: - description: - Role is a SELinux role - label that applies to the container. - type: string - type: - description: - Type is a SELinux type - label that applies to the container. - type: string - user: - description: - User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. - properties: - localhostProfile: - description: - localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must only be set - if type is "Localhost". - type: string - type: - description: - "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: - HostProcess determines - if a container should be run as a - 'Host Process' container. This field - is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without - the feature flag will result in errors - when validating the Pod. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In - addition, if HostProcess is true then - HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that the - Pod has successfully initialized. If specified, - no other probes are executed until this completes - successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe - failed. This can be used to provide different - probe parameters at the beginning of a Pod's - lifecycle, when it might take a long time - to load data or warm a cache, than during - steady-state operation. This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies the - action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it is - not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to 3. - Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect to, - defaults to the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set in - the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in HTTP - probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the - container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform - the probe. Default to 10 seconds. Minimum - value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to - connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port - to access on the container. Number - must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period is - the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. If this - value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value - must be non-negative integer. The value - zero indicates stop immediately via the - kill signal (no opportunity to shut down). - This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which - the probe times out. Defaults to 1 second. - Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate - a buffer for stdin in the container runtime. - If this is not set, reads from stdin in the - container will always result in EOF. Default - is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should - close the stdin channel after it has been - opened by a single attach. When stdin is true - the stdin stream will remain open across multiple - attach sessions. If stdinOnce is set to true, - stdin is opened on container start, is empty - until the first client attaches to stdin, - and then remains open and accepts data until - the client disconnects, at which time stdin - is closed and remains closed until the container - is restarted. If this flag is false, a container - processes that reads from stdin will never - receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the file - to which the container's termination message - will be written is mounted into the container's - filesystem. Message written is intended to - be brief final status, such as an assertion - failure message. Will be truncated by the - node if greater than 4096 bytes. The total - message length across all containers will - be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message - should be populated. File will use the contents - of terminationMessagePath to populate the - container status message on both success and - failure. FallbackToLogsOnError will use the - last chunk of container log output if the - termination message file is empty and the - container exited with an error. The log output - is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate - a TTY for itself, also requires 'stdin' to - be true. Default is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block - devices to be used by the container. - items: - description: - volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: - devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: - name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: - VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: - Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: - This must match the Name - of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: - Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: - Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - steps: - description: - Steps are the steps of the build; each - step is run sequentially with the source mounted - into /workspace. - items: - description: - Step embeds the Container type, which - allows it to include fields not provided by - Container. - properties: - args: - description: - 'Arguments to the entrypoint. - The docker image''s CMD is used if this - is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. - If a variable cannot be resolved, the reference - in the input string will be unchanged. Double - $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed - within a shell. The docker image''s ENTRYPOINT - is used if this is not provided. Variable - references $(VAR_NAME) are expanded using - the container''s environment. If a variable - cannot be resolved, the reference in the - input string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables - to set in the container. Cannot be updated. - items: - description: - EnvVar represents an environment - variable present in a Container. - properties: - name: - description: - Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) - are expanded using the previously - defined environment variables in the - container and any service environment - variables. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, - regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: - Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: - Selects a key of a - ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the ConfigMap or its key must - be defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of - the pod: supports metadata.name, - metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: - Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: - required for volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a - secret in the pod's namespace - properties: - key: - description: - The key of the - secret to select from. Must - be a valid secret key. - type: string - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the Secret or its key must - be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. - All invalid keys will be reported as an - event when the container is starting. When - a key exists in multiple sources, the value - associated with the last source will take - precedence. Values defined by an Env with - a duplicate key will take precedence. Cannot - be updated. - items: - description: - EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: - The ConfigMap to select - from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - ConfigMap must be defined - type: boolean - type: object - prefix: - description: - An optional identifier - to prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: - "Docker image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override - container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always - if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system - should take in response to container lifecycle - events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately - after a container is created. If the - handler fails, the container is terminated - and restarted according to its restart - policy. Other management of the container - blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the - http request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: - HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: - The header - field name - type: string - value: - description: - The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately - before a container is terminated due - to an API request or management event - such as liveness/startup probe failure, - preemption, resource contention, etc. - The handler is not called if the container - crashes or exits. The reason for termination - is passed to the handler. The Pod's - termination grace period countdown begins - before the PreStop hooked is executed. - Regardless of the outcome of the handler, - the container will eventually terminate - within the Pod's termination grace - period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the - following should be specified. Exec - specifies the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the - http request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: - HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: - The header - field name - type: string - value: - description: - The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the - pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container - liveness. Container will be restarted if - the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified - as a DNS_LABEL. Each container in a pod - must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: - List of ports to expose from - the container. Exposing a port here gives - the system additional information about - the network connections a container uses, - but is primarily informational. Not specifying - a port here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from the - network. Cannot be updated. - items: - description: - ContainerPort represents a - network port in a single container. - properties: - containerPort: - description: - Number of port to expose - on the pod's IP address. This must - be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the - external port to. - type: string - hostPort: - description: - Number of port to expose - on the host. If specified, this must - be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this - must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: - If specified, this must - be an IANA_SVC_NAME and unique within - the pod. Each named port in a pod - must have a unique name. Name for - the port that can be referred to by - services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must - be UDP, TCP, or SCTP. Defaults to - "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container - service readiness. Container will be removed - from service endpoints if the probe fails. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - "Compute Resources required by - this container. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - script: - description: - "Script is the contents of an - executable file to execute. \n If Script - is not empty, the Step cannot have an Command - or Args." - type: string - securityContext: - description: - "SecurityContext defines the - security options the container should be - run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent process. - This bool directly controls if the no_new_privs - flag will be set on the container process. - AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop - when running containers. Defaults to - the default set of capabilities granted - by the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: - Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults - for readonly paths and masked paths. - This requires the ProcMountType feature - flag to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has - a read-only root filesystem. Default - is false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be - applied to the container. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - properties: - level: - description: - Level is SELinux level - label that applies to the container. - type: string - role: - description: - Role is a SELinux role - label that applies to the container. - type: string - type: - description: - Type is a SELinux type - label that applies to the container. - type: string - user: - description: - User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. - properties: - localhostProfile: - description: - localhostProfile indicates - a profile defined in a file on the - node should be used. The profile - must be preconfigured on the node - to work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must only - be set if type is "Localhost". - type: string - type: - description: - "type indicates which - kind of seccomp profile will be - applied. Valid options are: \n Localhost - - a profile defined in a file on - the node should be used. RuntimeDefault - - the container runtime default - profile should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: - HostProcess determines - if a container should be run as - a 'Host Process' container. This - field is alpha-level and will only - be honored by components that enable - the WindowsHostProcessContainers - feature flag. Setting this field - without the feature flag will result - in errors when validating the Pod. - All of a Pod's containers must have - the same effective HostProcess value - (it is not allowed to have a mix - of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess - is true then HostNetwork must also - be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that - the Pod has successfully initialized. If - specified, no other probes are executed - until this completes successfully. If this - probe fails, the Pod will be restarted, - just as if the livenessProbe failed. This - can be used to provide different probe parameters - at the beginning of a Pod's lifecycle, - when it might take a long time to load data - or warm a cache, than during steady-state - operation. This cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following - should be specified. Exec specifies - the action to take. - properties: - command: - description: - Command is the command - line to execute inside the container, - the working directory for the command is - root ('/') in the container's filesystem. - The command is simply exec'd, it - is not run inside a shell, so traditional - shell instructions ('|', etc) won't - work. To use a shell, you need to - explicitly call out to that shell. - Exit status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: - HTTPGet specifies the http - request to perform. - properties: - host: - description: - Host name to connect - to, defaults to the pod IP. You - probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: - Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: - HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: - The header field - name - type: string - value: - description: - The header field - value - type: string - required: - - name - - value - type: object - type: array - path: - description: - Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after - the container has started before liveness - probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to - perform the probe. Default to 10 seconds. - Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name - to connect to, defaults to the pod - IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the - port to access on the container. - Number must be in the range 1 to - 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds - the pod needs to terminate gracefully - upon probe failure. The grace period - is the duration in seconds after the - processes running in the pod are sent - a termination signal and the time when - the processes are forcibly halted with - a kill signal. Set this value longer - than the expected cleanup time for your - process. If this value is nil, the pod's - terminationGracePeriodSeconds will be - used. Otherwise, this value overrides - the value provided by the pod spec. - Value must be non-negative integer. - The value zero indicates stop immediately - via the kill signal (no opportunity - to shut down). This is a beta field - and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: - Whether the container runtime - should close the stdin channel after it - has been opened by a single attach. When - stdin is true the stdin stream will remain - open across multiple attach sessions. If - stdinOnce is set to true, stdin is opened - on container start, is empty until the first - client attaches to stdin, and then remains - open and accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the - file to which the container's termination - message will be written is mounted into - the container's filesystem. Message written - is intended to be brief final status, such - as an assertion failure message. Will be - truncated by the node if greater than 4096 - bytes. The total message length across all - containers will be limited to 12kb. Defaults - to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination - message should be populated. File will use - the contents of terminationMessagePath to - populate the container status message on - both success and failure. FallbackToLogsOnError - will use the last chunk of container log - output if the termination message file is - empty and the container exited with an error. - The log output is limited to 2048 bytes - or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. - type: string - tty: - description: - Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of - block devices to be used by the container. - items: - description: - volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: - devicePath is the path - inside of the container that the device - will be mapped to. - type: string - name: - description: - name must match the name - of a persistentVolumeClaim in the - pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the - container's filesystem. Cannot be updated. - items: - description: - VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: - Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines - how mounts are propagated from the - host to container and the other way - around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: - This must match the Name - of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: - Path within the volume - from which the container's volume - should be mounted. Defaults to "" - (volume's root). - type: string - subPathExpr: - description: - Expanded path within the - volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) are - expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. - If not specified, the container runtime's - default will be used, which might be configured - in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - volumes: - description: - Volumes is a collection of volumes - that are available to mount into the steps of - the build. - items: - description: - Volume represents a named volume - in a pod that may be accessed by any container - in the pod. - properties: - awsElasticBlockStore: - description: - "AWSElasticBlockStore represents - an AWS Disk resource that is attached to - a kubelet's host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure - that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: - 'The partition in the volume - that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you - specify the partition as "1". Similarly, - the volume partition for /dev/sda is - "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: - 'Specify "true" to force - and set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is - "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: - "Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: - AzureDisk represents an Azure - Data Disk mount on the host and bind mount - to the pod. - properties: - cachingMode: - description: - "Host Caching mode: None, - Read Only, Read Write." - type: string - diskName: - description: - The Name of the data disk - in the blob storage - type: string - diskURI: - description: - The URI the data disk in - the blob storage - type: string - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - kind: - description: - "Expected values Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared" - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: - AzureFile represents an Azure - File Service mount on the host and bind - mount to the pod. - properties: - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretName: - description: - the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: - CephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: - description: - "Required: Monitors is a - collection of Ceph monitors More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: - "Optional: Used as the mounted - root, rather than the full Ceph tree, - default is /" - type: string - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: - "Optional: SecretFile is - the path to key ring for User, default - is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: - "Optional: SecretRef is reference - to the authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "Optional: User is the rados - user name, default is admin More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: - "Cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: - 'Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: - "Optional: points to a secret - object containing parameters used to - connect to OpenStack." - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeID: - description: - "volume id used to identify - the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: - ConfigMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: - "Optional: mode bits used - to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not - affected by this setting. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the - volume as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or - start with '..'. - items: - description: - Maps a string key to a - path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits - used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of - the file to map the key to. May - not be an absolute path. May not - contain the path element '..'. - May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - csi: - description: - CSI (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: - Driver is the name of the - CSI driver that handles this volume. - Consult with your admin for the correct - name as registered in the cluster. - type: string - fsType: - description: - Filesystem type to mount. - Ex. "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the - default filesystem to apply. - type: string - nodePublishSecretRef: - description: - NodePublishSecretRef is a - reference to the secret object containing - sensitive information to pass to the - CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This - field is optional, and may be empty - if no secret is required. If the secret - object contains more than one secret, - all secret references are passed. - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - readOnly: - description: - Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: - VolumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: - DownwardAPI represents downward - API about the pod that should populate this - volume - properties: - defaultMode: - description: - "Optional: mode bits to use - on created files by default. Must be - a Optional: mode bits used to set permissions - on created files by default. Must be - an octal value between 0000 and 0777 - or a decimal value between 0 and 511. - YAML accepts both octal and decimal - values, JSON requires decimal values - for mode bits. Defaults to 0644. Directories - within the path are not affected by - this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set." - format: int32 - type: integer - items: - description: - Items is a list of downward - API volume file - items: - description: - DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: - "Required: Selects - a field of the pod: only annotations, - labels, name and namespace are - supported." - properties: - apiVersion: - description: - Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - "Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the '..' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu and - requests.memory) are currently - supported." - properties: - containerName: - description: - "Container name: - required for volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: - "EmptyDir represents a temporary - directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: - 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s - default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: - "Total amount of local storage - required for this EmptyDir volume. The - size limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of - all containers in a pod. The default - is nil which means that the limit is - undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: - "Ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod - is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the - storage driver is specified through a storage - class, and d) the storage driver supports - dynamic volume provisioning through a - PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection - between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the - vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be - used that way - see the documentation of - the driver for more information. \n A pod - can use both types of ephemeral volumes - and persistent volumes at the same time. - \n This is a beta feature and only available - when the GenericEphemeralVolume feature - gate is enabled." - properties: - volumeClaimTemplate: - description: - "Will be used to create a - stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource - is embedded will be the owner of the - PVC, i.e. the PVC will be deleted together - with the pod. The name of the PVC will - be `-` where - `` is the name from the - `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated - name is not valid for a PVC (for example, - too long). \n An existing PVC with that - name that is not owned by the pod will - *not* be used for the pod to avoid using - an unrelated volume by mistake. Starting - the pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod exists. - Normally this should not be necessary, - but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: - May contain labels and - annotations that will be copied - into the PVC when creating it. No - other fields are allowed and will - be rejected during validation. - type: object - spec: - description: - The specification for - the PersistentVolumeClaim. The entire - content is copied unchanged into - the PVC that gets created from this - template. The same fields as in - a PersistentVolumeClaim are also - valid here. - properties: - accessModes: - description: - "AccessModes contains - the desired access modes the - volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: - "This field can be - used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create - a new volume based on the contents - of the specified data source. - If the AnyVolumeDataSource feature - gate is enabled, this field - will always have the same contents - as the DataSourceRef field." - properties: - apiGroup: - description: - APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type - of resource being referenced - type: string - name: - description: - Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: - "Specifies the object - from which to populate the volume - with data, if a non-empty volume - is desired. This may be any - local object from a non-empty - API group (non core object) - or a PersistentVolumeClaim object. - When this field is specified, - volume binding will only succeed - if the type of the specified - object matches some installed - volume populator or dynamic - provisioner. This field will - replace the functionality of - the DataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, - both fields (DataSource and - DataSourceRef) will be set to - the same value automatically - if one of them is empty and - the other is non-empty. There - are two important differences - between DataSource and DataSourceRef: - * While DataSource only allows - two specific types of objects, - DataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While DataSource - ignores disallowed values (dropping - them), DataSourceRef preserves - all values, and generates an - error if a disallowed value - is specified. (Alpha) Using - this field requires the AnyVolumeDataSource - feature gate to be enabled." - properties: - apiGroup: - description: - APIGroup is the - group for the resource being - referenced. If APIGroup - is not specified, the specified - Kind must be in the core - API group. For any other - third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type - of resource being referenced - type: string - name: - description: - Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: - "Resources represents - the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes - the maximum amount of compute - resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if - that is explicitly specified, - otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - selector: - description: - A label query over - volumes to consider for binding. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: - key is - the label key that - the selector applies - to. - type: string - operator: - description: - operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - storageClassName: - description: - "Name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: - volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. - type: string - volumeName: - description: - VolumeName is the - binding reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: - FC represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the pod. - properties: - fsType: - description: - 'Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how - do we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: - "Optional: FC target lun - number" - format: int32 - type: integer - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: - "Optional: FC target worldwide - names (WWNs)" - items: - type: string - type: array - wwids: - description: - "Optional: FC volume world - wide identifiers (wwids) Either wwids - or combination of targetWWNs and lun - must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: - FlexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: - Driver is the name of the - driver to use for this volume. - type: string - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: - "Optional: Extra command - options if any." - type: object - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: - "Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object - is specified. If the secret object contains - more than one secret, all secrets are - passed to the plugin scripts." - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: - Flocker represents a Flocker - volume attached to a kubelet's host machine. - This depends on the Flocker control service - being running - properties: - datasetName: - description: - Name of the dataset stored - as metadata -> name on the dataset for - Flocker should be considered as deprecated - type: string - datasetUUID: - description: - UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: - "GCEPersistentDisk represents - a GCE Disk resource that is attached to - a kubelet's host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure - that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: - 'The partition in the volume - that you want to mount. If omitted, - the default is to mount by volume name. - Examples: For volume /dev/sda1, you - specify the partition as "1". Similarly, - the volume partition for /dev/sda is - "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: - "Unique name of the PD resource - in GCE. Used to identify the disk in - GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: - "ReadOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: - "GitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container - with a git repo, mount an EmptyDir into - an InitContainer that clones the repo using - git, then mount the EmptyDir into the Pod's - container." - properties: - directory: - description: - Target directory name. Must - not contain or start with '..'. If - '.' is supplied, the volume directory - will be the git repository. Otherwise, - if specified, the volume will contain - the git repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: - Commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: - "Glusterfs represents a Glusterfs - mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: - "EndpointsName is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: - "Path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: - "ReadOnly here will force - the Glusterfs volume to be mounted with - read-only permissions. Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: - "HostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write." - properties: - path: - description: - "Path of the directory on - the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: - 'Type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: - "ISCSI represents an ISCSI Disk - resource that is attached to a kubelet's - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: - whether support iSCSI Discovery - CHAP authentication - type: boolean - chapAuthSession: - description: - whether support iSCSI Session - CHAP authentication - type: boolean - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure - that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - initiatorName: - description: - Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface - : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: - iSCSI Interface Name that - uses an iSCSI transport. Defaults to - 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: - iSCSI Target Portal List. - The portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: - ReadOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: - CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - targetPortal: - description: - iSCSI Target Portal. The - Portal is either an IP or ip_addr:port - if the port is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: - "Volume's name. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: - "NFS represents an NFS mount - on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: - "Path that is exported by - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: - "ReadOnly here will force - the NFS export to be mounted with read-only - permissions. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: - "Server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: - "PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: - "ClaimName is the name of - a PersistentVolumeClaim in the same - namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: - Will force the ReadOnly setting - in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: - PhotonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - pdID: - description: - ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: - PortworxVolume represents a portworx - volume attached and mounted on kubelets - host machine - properties: - fsType: - description: - FSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - volumeID: - description: - VolumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: - Items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: - Mode bits used to set permissions - on created files by default. Must be - an octal value between 0000 and 0777 - or a decimal value between 0 and 511. - YAML accepts both octal and decimal - values, JSON requires decimal values - for mode bits. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, like - fsGroup, and the result can be other - mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: - Projection that may be - projected along with other supported - volume types - properties: - configMap: - description: - information about the - configMap data to project - properties: - items: - description: - If unspecified, - each key-value pair in the - Data field of the referenced - ConfigMap will be projected - into the volume as a file - whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - ConfigMap, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string - key to a path within a volume. - properties: - key: - description: - The key to - project. - type: string - mode: - description: - "Optional: - mode bits used to set - permissions on this - file. Must be an octal - value between 0000 and - 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and - decimal values, JSON - requires decimal values - for mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative - path of the file to - map the key to. May - not be an absolute path. - May not contain the - path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the ConfigMap or its keys - must be defined - type: boolean - type: object - downwardAPI: - description: - information about the - downwardAPI data to project - properties: - items: - description: - Items is a list - of DownwardAPIVolume file - items: - description: - DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - properties: - fieldRef: - description: - "Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported." - properties: - apiVersion: - description: - Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: - Path - of the field to - select in the specified - API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: - mode bits used to set - permissions on this - file, must be an octal - value between 0000 and - 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and - decimal values, JSON - requires decimal values - for mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set." - format: int32 - type: integer - path: - description: - "Required: - Path is the relative - path name of the file - to be created. Must - not be absolute or contain - the '..' path. Must - be utf-8 encoded. The - first item of the relative - path must not start - with '..'" - type: string - resourceFieldRef: - description: - "Selects - a resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported." - properties: - containerName: - description: - "Container - name: required for - volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: - resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: - information about the - secret data to project - properties: - items: - description: - If unspecified, - each key-value pair in the - Data field of the referenced - Secret will be projected into - the volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be projected - into the specified paths, - and unlisted keys will not - be present. If a key is specified - which is not present in the - Secret, the volume setup will - error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string - key to a path within a volume. - properties: - key: - description: - The key to - project. - type: string - mode: - description: - "Optional: - mode bits used to set - permissions on this - file. Must be an octal - value between 0000 and - 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and - decimal values, JSON - requires decimal values - for mode bits. If not - specified, the volume - defaultMode will be - used. This might be - in conflict with other - options that affect - the file mode, like - fsGroup, and the result - can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative - path of the file to - map the key to. May - not be an absolute path. - May not contain the - path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether - the Secret or its key must - be defined - type: boolean - type: object - serviceAccountToken: - description: - information about the - serviceAccountToken data to project - properties: - audience: - description: - Audience is the - intended audience of the token. - A recipient of a token must - identify itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. The - audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: - ExpirationSeconds - is the requested duration - of validity of the service - account token. As the token - approaches expiration, the - kubelet volume plugin will - proactively rotate the service - account token. The kubelet - will start trying to rotate - the token if the token is - older than 80 percent of its - time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. - format: int64 - type: integer - path: - description: - Path is the path - relative to the mount point - of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: - Quobyte represents a Quobyte - mount on the host that shares a pod's lifetime - properties: - group: - description: - Group to map volume access - to Default is no group - type: string - readOnly: - description: - ReadOnly here will force - the Quobyte volume to be mounted with - read-only permissions. Defaults to false. - type: boolean - registry: - description: - Registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with - commas) which acts as the central registry - for volumes - type: string - tenant: - description: - Tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin - type: string - user: - description: - User to map volume access - to Defaults to serivceaccount user - type: string - volume: - description: - Volume is a string that references - an already created Quobyte volume by - name. - type: string - required: - - registry - - volume - type: object - rbd: - description: - "RBD represents a Rados Block - Device mount on the host that shares a pod's - lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure - that the filesystem type is supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - image: - description: - "The rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: - "Keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: - "A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: - "The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: - "ReadOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: - "SecretRef is name of the - authentication secret for RBDUser. If - provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: - ScaleIO represents a ScaleIO - persistent volume attached and mounted on - Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: - The host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: - The name of the ScaleIO Protection - Domain for the configured storage. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - sslEnabled: - description: - Flag to enable/disable SSL - communication with Gateway, default - false - type: boolean - storageMode: - description: - Indicates whether the storage - for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: - The ScaleIO Storage Pool - associated with the protection domain. - type: string - system: - description: - The name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: - The name of a volume already - created in the ScaleIO system that is - associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: - "Secret represents a secret that - should populate this volume. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: - "Optional: mode bits used - to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not - affected by this setting. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and - content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or - start with '..'. - items: - description: - Maps a string key to a - path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits - used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of - the file to map the key to. May - not be an absolute path. May not - contain the path element '..'. - May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: - Specify whether the Secret - or its keys must be defined - type: boolean - secretName: - description: - "Name of the secret in the - pod's namespace to use. More info: - https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: - StorageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. - properties: - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeName: - description: - VolumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: - VolumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows - the Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: - VsphereVolume represents a vSphere - volume attached and mounted on kubelets - host machine - properties: - fsType: - description: - Filesystem type to mount. - Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - storagePolicyID: - description: - Storage Policy Based Management - (SPBM) profile ID associated with the - StoragePolicyName. - type: string - storagePolicyName: - description: - Storage Policy Based Management - (SPBM) profile name. - type: string - volumePath: - description: - Path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - workspaces: - description: - Workspaces are the volumes that this - Task requires. - items: - description: - WorkspaceDeclaration is a declaration - of a volume that a Task requires. - properties: - description: - description: - Description is an optional human - readable description of this volume. - type: string - mountPath: - description: - MountPath overrides the directory - that the volume will be made available at. - type: string - name: - description: - Name is the name by which you - can bind the volume at runtime. - type: string - readOnly: - description: - ReadOnly dictates whether a mounted - volume is writable. By default this field - is false and so mounted volumes are writable. - type: boolean - required: - - name - type: object - type: array - type: object - timeout: - description: - "Time after which the TaskRun times out. - Defaults to 1 hour. Specified TaskRun timeout should - be less than 24h. Refer Go's ParseDuration documentation - for expected format: https://golang.org/pkg/time/#ParseDuration" - type: string - workspaces: - description: - Workspaces maps workspaces from the pipeline - spec to the workspaces declared in the Task. - items: - description: - WorkspacePipelineTaskBinding describes - how a workspace passed into the pipeline should - be mapped to a task's declared workspace. - properties: - name: - description: - Name is the name of the workspace - as declared by the task - type: string - subPath: - description: - SubPath is optionally a directory - on the volume which should be used for this - binding (i.e. the volume will be mounted at - this sub directory). - type: string - workspace: - description: - Workspace is the name of the workspace - declared by the pipeline - type: string - required: - - name - - workspace - type: object - type: array - type: object - type: array - workspaces: - description: - Workspaces declares a set of named workspaces - that are expected to be provided by a PipelineRun. - items: - description: - PipelineWorkspaceDeclaration creates a named - slot in a Pipeline that a PipelineRun is expected to populate - with a workspace binding. - properties: - description: - description: - Description is a human readable string - describing how the workspace will be used in the Pipeline. - It can be useful to include a bit of detail about - which tasks are intended to have access to the data - on the workspace. - type: string - name: - description: - Name is the name of a workspace to be provided - by a PipelineRun. - type: string - required: - - name - type: object - type: array - type: object - podTemplate: - description: PodTemplate holds pod specific configuration - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: - Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: - An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: - Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector - terms. The terms are ORed. - items: - description: - A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that the - selector applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: - Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - This field is beta-level and is only honored - when PodAffinityNamespaceSelector feature - is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: - Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. This - field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - This field is beta-level and is only honored - when PodAffinityNamespaceSelector feature - is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: - Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. This - field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: - AutomountServiceAccountToken indicates whether - pods running as this service account should have an API - token automatically mounted. - type: boolean - dnsConfig: - description: - Specifies the DNS parameters of a pod. Parameters - specified here will be merged to the generated DNS configuration - based on DNSPolicy. - properties: - nameservers: - description: - A list of DNS name server IP addresses. This - will be appended to the base nameservers generated from - DNSPolicy. Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: - A list of DNS resolver options. This will - be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options - given in Options will override those that appear in - the base DNSPolicy. - items: - description: - PodDNSConfigOption defines DNS resolver - options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: - A list of DNS search domains for host-name - lookup. This will be appended to the base search paths - generated from DNSPolicy. Duplicated search paths will - be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: - Set DNS policy for the pod. Defaults to "ClusterFirst". - Valid values are 'ClusterFirst', 'Default' or 'None'. DNS - parameters given in DNSConfig will be merged with the policy - selected with DNSPolicy. - type: string - enableServiceLinks: - description: - "EnableServiceLinks indicates whether information - about services should be injected into pod's environment - variables, matching the syntax of Docker links. Optional: - Defaults to true." - type: boolean - hostNetwork: - description: - HostNetwork specifies whether the pod may use - the node network namespace - type: boolean - imagePullSecrets: - description: - ImagePullSecrets gives the name of the secret - used by the pod to pull the image if specified - items: - description: - LocalObjectReference contains enough information - to let you locate the referenced object inside the same - namespace. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - "NodeSelector is a selector which must be true - for the pod to fit on a node. Selector which must match - a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: object - priorityClassName: - description: - If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which - indicate the highest priorities with the former being the - highest priority. Any other name must be defined by creating - a PriorityClass object with that name. If not specified, - the pod priority will be default or zero if there is no - default. - type: string - runtimeClassName: - description: - 'RuntimeClassName refers to a RuntimeClass object - in the node.k8s.io group, which should be used to run this - pod. If no RuntimeClass resource matches the named class, - the pod will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit class with - an empty definition that uses the default runtime handler. - More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: - SchedulerName specifies the scheduler to be used - to dispatch the Pod - type: string - securityContext: - description: - "SecurityContext holds pod-level security attributes - and common container settings. Optional: Defaults to empty. See - type description for default values of each field." - properties: - fsGroup: - description: - "A special supplemental group that applies - to all containers in a pod. Some volume types allow - the Kubelet to change the ownership of that volume to - be owned by the pod: \n 1. The owning GID will be the - FSGroup 2. The setgid bit is set (new files created - in the volume will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, the Kubelet - will not modify the ownership and permissions of any - volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: - 'fsGroupChangePolicy defines behavior of - changing ownership and permission of the volume before - being exposed inside Pod. This field will only apply - to volume types which support fsGroup based ownership(and - permissions). It will have no effect on ephemeral volume - types such as: secret, configmaps and emptydir. Valid - values are "OnRootMismatch" and "Always". If not specified, - "Always" is used.' - type: string - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if it - does. If unset or false, no such validation will be - performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to all - containers. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by the containers - in this pod. - properties: - localhostProfile: - description: - localhostProfile indicates a profile - defined in a file on the node should be used. The - profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's - configured seccomp profile location. Must only be - set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp - profile will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should - be used. RuntimeDefault - the container runtime - default profile should be used. Unconfined - no - profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: - A list of groups applied to the first process - run in each container, in addition to the container's - primary GID. If unspecified, no groups will be added - to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: - Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls (by - the container runtime) might fail to launch. - items: - description: - Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: - The Windows specific settings applied to - all containers. If unspecified, the options within a - container's SecurityContext will be used. If set in - both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored by - components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. - All of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: - The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: - Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: - Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: - Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: - TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: - Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - volumes: - description: - "List of volumes that can be mounted by containers - belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" - items: - description: - Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: - "AWSElasticBlockStore represents an AWS - Disk resource that is attached to a kubelet's host - machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: - 'Filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: - 'The partition in the volume that you - want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the - volume partition for /dev/sda is "0" (or you can - leave the property empty).' - format: int32 - type: integer - readOnly: - description: - 'Specify "true" to force and set the - ReadOnly property in VolumeMounts to "true". If - omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: - "Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: - AzureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. - properties: - cachingMode: - description: - "Host Caching mode: None, Read Only, - Read Write." - type: string - diskName: - description: - The Name of the data disk in the blob - storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - kind: - description: - "Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed - data disk (only in managed availability set). - defaults to shared" - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: - AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: - the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: - CephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: - "Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: - "Optional: Used as the mounted root, - rather than the full Ceph tree, default is /" - type: string - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: - "Optional: SecretFile is the path to - key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: - "Optional: SecretRef is reference to - the authentication secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: - "Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: - 'Filesystem type to mount. Must be - a filesystem type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: - "Optional: points to a secret object - containing parameters used to connect to OpenStack." - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeID: - description: - "volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: - ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for - mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This - might be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the ConfigMap, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: - Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to - set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - csi: - description: - CSI (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: - Driver is the name of the CSI driver - that handles this volume. Consult with your admin - for the correct name as registered in the cluster. - type: string - fsType: - description: - Filesystem type to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty value - is passed to the associated CSI driver which will - determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: - NodePublishSecretRef is a reference - to the secret object containing sensitive information - to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no - secret is required. If the secret object contains - more than one secret, all secret references are - passed. - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - readOnly: - description: - Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: - VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for supported - values. - type: object - required: - - driver - type: object - downwardAPI: - description: - DownwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: - "Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set." - format: int32 - type: integer - items: - description: - Items is a list of downward API volume - file - items: - description: - DownwardAPIVolumeFile represents - information to create the file containing the - pod field - properties: - fieldRef: - description: - "Required: Selects a field of - the pod: only annotations, labels, name - and namespace are supported." - properties: - apiVersion: - description: - Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: - Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits used to - set permissions on this file, must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set." - format: int32 - type: integer - path: - description: - "Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the '..' path. - Must be utf-8 encoded. The first item of - the relative path must not start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported." - properties: - containerName: - description: - "Container name: required - for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: - "EmptyDir represents a temporary directory - that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: - 'What type of storage medium should - back this directory. The default is "" which means - to use the node''s default medium. Must be an - empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: - "Total amount of local storage required - for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage - on memory medium EmptyDir would be the minimum - value between the SizeLimit specified here and - the sum of memory limits of all containers in - a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: - "Ephemeral represents a volume that is - handled by a cluster storage driver. The volume's - lifecycle is tied to the pod that defines it - it - will be created before the pod starts, and deleted - when the pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features of - normal volumes like restoring from snapshot or capacity - \ tracking are needed, c) the storage driver is - specified through a storage class, and d) the storage - driver supports dynamic volume provisioning through - \ a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between - this volume type and PersistentVolumeClaim). \n - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the - lifecycle of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is meant - to be used that way - see the documentation of the - driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes - at the same time. \n This is a beta feature and only - available when the GenericEphemeralVolume feature - gate is enabled." - properties: - volumeClaimTemplate: - description: - "Will be used to create a stand-alone - PVC to provision the volume. The pod in which - this EphemeralVolumeSource is embedded will be - the owner of the PVC, i.e. the PVC will be deleted - together with the pod. The name of the PVC will - be `-` where `` - is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too - long). \n An existing PVC with that name that - is not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume by - mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the PVC has - to updated with an owner reference to the pod - once the pod exists. Normally this should not - be necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field - is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, - must not be nil." - properties: - metadata: - description: - May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. - type: object - spec: - description: - The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: - "AccessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: - "This field can be used to - specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on the - contents of the specified data source. - If the AnyVolumeDataSource feature gate - is enabled, this field will always have - the same contents as the DataSourceRef - field." - properties: - apiGroup: - description: - APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type of resource - being referenced - type: string - name: - description: - Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: - "Specifies the object from - which to populate the volume with data, - if a non-empty volume is desired. This - may be any local object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if the - type of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace the - functionality of the DataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to the - same value automatically if one of them - is empty and the other is non-empty. There - are two important differences between - DataSource and DataSourceRef: * While - DataSource only allows two specific types - of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if - a disallowed value is specified. (Alpha) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled." - properties: - apiGroup: - description: - APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type of resource - being referenced - type: string - name: - description: - Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - resources: - description: - "Resources represents the minimum - resources the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the - minimum amount of compute resources - required. If Requests is omitted for - a container, it defaults to Limits - if that is explicitly specified, otherwise - to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - selector: - description: - A label query over volumes - to consider for binding. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - storageClassName: - description: - "Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: - volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: - VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: - FC represents a Fibre Channel resource - that is attached to a kubelet's host machine and then - exposed to the pod. - properties: - fsType: - description: - 'Filesystem type to mount. Must be - a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. TODO: how - do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts." - type: boolean - targetWWNs: - description: - "Optional: FC target worldwide names - (WWNs)" - items: - type: string - type: array - wwids: - description: - "Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: - FlexVolume represents a generic volume - resource that is provisioned/attached using an exec - based plugin. - properties: - driver: - description: - Driver is the name of the driver to - use for this volume. - type: string - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". The default - filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: - "Optional: Extra command options if - any." - type: object - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts." - type: boolean - secretRef: - description: - "Optional: SecretRef is reference to - the secret object containing sensitive information - to pass to the plugin scripts. This may be empty - if no secret object is specified. If the secret - object contains more than one secret, all secrets - are passed to the plugin scripts." - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: - Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: - Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: - UUID of the dataset. This is unique - identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: - "GCEPersistentDisk represents a GCE Disk - resource that is attached to a kubelet's host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: - 'Filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: - 'The partition in the volume that you - want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the - volume partition for /dev/sda is "0" (or you can - leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: - "Unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: - "ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: - "GitRepo represents a git repository at - a particular revision. DEPRECATED: GitRepo is deprecated. - To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo - using git, then mount the EmptyDir into the Pod's - container." - properties: - directory: - description: - Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git - repository in the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: - "Glusterfs represents a Glusterfs mount - on the host that shares a pod's lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: - "EndpointsName is the endpoint name - that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: - "Path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: - "ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: - "HostPath represents a pre-existing file - or directory on the host machine that is directly - exposed to the container. This is generally used for - system agents or other privileged things that are - allowed to see the host machine. Most containers will - NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use - host directory mounts and who can/can not mount host - directories as read/write." - properties: - path: - description: - "Path of the directory on the host. - If the path is a symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: - 'Type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: - "ISCSI represents an ISCSI Disk resource - that is attached to a kubelet's host machine and - then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: - whether support iSCSI Discovery CHAP - authentication - type: boolean - chapAuthSession: - description: - whether support iSCSI Session CHAP - authentication - type: boolean - fsType: - description: - 'Filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: - description: - Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : - will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: - iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: - iSCSI Target Portal List. The portal - is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and - 3260). - items: - type: string - type: array - readOnly: - description: - ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: - CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - targetPortal: - description: - iSCSI Target Portal. The Portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: - "Volume's name. Must be a DNS_LABEL and - unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: - "NFS represents an NFS mount on the host - that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: - "Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: - "ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: - "Server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: - "PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same - namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: - "ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: - Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: - PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - pdID: - description: - ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: - PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: - FSType represents the filesystem type - to mount Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs". - Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: - VolumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: - Items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: - Mode bits used to set permissions on - created files by default. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. Directories within the path are not affected - by this setting. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: - Projection that may be projected - along with other supported volume types - properties: - configMap: - description: - information about the configMap - data to project - properties: - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the - volume as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or - start with '..'. - items: - description: - Maps a string key to a - path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits - used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of - the file to map the key to. May - not be an absolute path. May not - contain the path element '..'. - May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - downwardAPI: - description: - information about the downwardAPI - data to project - properties: - items: - description: - Items is a list of DownwardAPIVolume - file - items: - description: - DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: - "Required: Selects - a field of the pod: only annotations, - labels, name and namespace are - supported." - properties: - apiVersion: - description: - Version of the - schema the FieldPath is written - in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field - to select in the specified - API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - "Required: Path is the - relative path name of the file - to be created. Must not be absolute - or contain the '..' path. Must - be utf-8 encoded. The first item - of the relative path must not - start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu and - requests.memory) are currently - supported." - properties: - containerName: - description: - "Container name: - required for volumes, optional - for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: - information about the secret - data to project - properties: - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and - content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or - start with '..'. - items: - description: - Maps a string key to a - path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits - used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, - JSON requires decimal values for - mode bits. If not specified, the - volume defaultMode will be used. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of - the file to map the key to. May - not be an absolute path. May not - contain the path element '..'. - May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret - or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: - information about the serviceAccountToken - data to project - properties: - audience: - description: - Audience is the intended - audience of the token. A recipient of - a token must identify itself with an - identifier specified in the audience - of the token, and otherwise should reject - the token. The audience defaults to - the identifier of the apiserver. - type: string - expirationSeconds: - description: - ExpirationSeconds is the - requested duration of validity of the - service account token. As the token - approaches expiration, the kubelet volume - plugin will proactively rotate the service - account token. The kubelet will start - trying to rotate the token if the token - is older than 80 percent of its time - to live or if the token is older than - 24 hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: - Path is the path relative - to the mount point of the file to project - the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: - Quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: - Group to map volume access to Default - is no group - type: string - readOnly: - description: - ReadOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: - Registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes - type: string - tenant: - description: - Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin - type: string - user: - description: - User to map volume access to Defaults - to serivceaccount user - type: string - volume: - description: - Volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: - "RBD represents a Rados Block Device mount - on the host that shares a pod's lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: - 'Filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: - "Keyring is the path to key ring for - RBDUser. Default is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: - "A collection of Ceph monitors. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: - "The rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: - "ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: - "SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: - ScaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Default is - "xfs". - type: string - gateway: - description: - The host address of the ScaleIO API - Gateway. - type: string - protectionDomain: - description: - The name of the ScaleIO Protection - Domain for the configured storage. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation will - fail. - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - sslEnabled: - description: - Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: - Indicates whether the storage for a - volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: - The ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: - The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: - The name of a volume already created - in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: - "Secret represents a secret that should - populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for - mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This - might be in conflict with other options that affect - the file mode, like fsGroup, and the result can - be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose name - is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. - If a key is specified which is not present in - the Secret, the volume setup will error unless - it is marked optional. Paths must be relative - and may not contain the '..' path or start with - '..'. - items: - description: - Maps a string key to a path within - a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to - set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: - Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: - "Name of the secret in the pod's namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: - StorageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef specifies the secret to use - for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeName: - description: - VolumeName is the human-readable name - of the StorageOS volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: - VolumeNamespace specifies the scope - of the volume within StorageOS. If no namespace - is specified then the Pod's namespace will be - used. This allows the Kubernetes name scoping - to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default - behaviour. Set to "default" if you are not using - namespaces within StorageOS. Namespaces that do - not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: - VsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: - Filesystem type to mount. Must be a - filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: - Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: - Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: - Path that identifies vSphere volume - vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - imagePullSecrets - type: object - resources: - description: - Resources is a list of bindings specifying which - actual instances of PipelineResources to use for the resources - the Pipeline has declared it needs. - items: - description: - PipelineResourceBinding connects a reference to - an instance of a PipelineResource with a PipelineResource - dependency that the Pipeline has declared - properties: - name: - description: - Name is the name of the PipelineResource in - the Pipeline's declaration - type: string - resourceRef: - description: - ResourceRef is a reference to the instance - of the actual PipelineResource that should be used - properties: - apiVersion: - description: API version of the referent - type: string - name: - description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - resourceSpec: - description: - ResourceSpec is specification of a resource - that should be created and consumed by the task - properties: - description: - description: - Description is a user-facing description - of the resource that may be used to populate a UI. - type: string - params: - items: - description: - ResourceParam declares a string value - to use for the parameter called Name, and is used - in the specific context of PipelineResources. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - secrets: - description: - Secrets to fetch to populate some of resource - fields - items: - description: - SecretParam indicates which secret can - be used to populate a field of the resource - properties: - fieldName: - type: string - secretKey: - type: string - secretName: - type: string - required: - - fieldName - - secretKey - - secretName - type: object - type: array - type: - type: string - required: - - params - - type - type: object - type: object - type: array - serviceAccountName: - type: string - serviceAccountNames: - items: - description: - PipelineRunSpecServiceAccountName can be used to - configure specific ServiceAccountName for a concrete Task - properties: - serviceAccountName: - type: string - taskName: - type: string - type: object - type: array - status: - description: - Used for cancelling a pipelinerun (and maybe more - later on) - type: string - taskRunSpecs: - description: TaskRunSpecs holds a set of task specific specs - items: - description: PipelineTaskRunSpec holds task specific specs - properties: - pipelineTaskName: - type: string - taskPodTemplate: - description: PodTemplate holds pod specific configuration - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: - Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most - preferred. - items: - description: - An empty preferred scheduling - term matches all objects with implicit weight - 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: - A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that - the selector applies to. - type: string - operator: - description: - Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: - An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that - the selector applies to. - type: string - operator: - description: - Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: - An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: - Weight associated with matching - the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to an update), the - system may or may not try to eventually evict - the pod from its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector - terms. The terms are ORed. - items: - description: - A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector - requirements by node's labels. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that - the selector applies to. - type: string - operator: - description: - Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: - An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector - requirements by node's fields. - items: - description: - A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - The label key that - the selector applies to. - type: string - operator: - description: - Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: - An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: - Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: - A label query over a - set of resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: - operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: - operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to a pod label update), - the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: - Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: - A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - This field is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity - expressions specified by this field, but it - may choose a node that violates one or more - of the expressions. The node that is most - preferred is the one with the greatest sum - of weights, i.e. for each node that meets - all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and adding - "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most - preferred. - items: - description: - The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: - A label query over a - set of resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: - operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: - operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod label - update), the system may or may not try to - eventually evict the pod from its node. When - there are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: - Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: - A label query over a set - of resources, in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - This field is beta-level and is only - honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label - key that the selector applies - to. - type: string - operator: - description: - operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: - AutomountServiceAccountToken indicates - whether pods running as this service account should - have an API token automatically mounted. - type: boolean - dnsConfig: - description: - Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the generated - DNS configuration based on DNSPolicy. - properties: - nameservers: - description: - A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. - items: - type: string - type: array - options: - description: - A list of DNS resolver options. This - will be merged with the base options generated - from DNSPolicy. Duplicated entries will be removed. - Resolution options given in Options will override - those that appear in the base DNSPolicy. - items: - description: - PodDNSConfigOption defines DNS resolver - options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: - A list of DNS search domains for host-name - lookup. This will be appended to the base search - paths generated from DNSPolicy. Duplicated search - paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: - Set DNS policy for the pod. Defaults to - "ClusterFirst". Valid values are 'ClusterFirst', 'Default' - or 'None'. DNS parameters given in DNSConfig will - be merged with the policy selected with DNSPolicy. - type: string - enableServiceLinks: - description: - "EnableServiceLinks indicates whether information - about services should be injected into pod's environment - variables, matching the syntax of Docker links. Optional: - Defaults to true." - type: boolean - hostNetwork: - description: - HostNetwork specifies whether the pod may - use the node network namespace - type: boolean - imagePullSecrets: - description: - ImagePullSecrets gives the name of the - secret used by the pod to pull the image if specified - items: - description: - LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: - "NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node's labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: object - priorityClassName: - description: - If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority - will be default or zero if there is no default. - type: string - runtimeClassName: - description: - 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches - the named class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will be used, - which is an implicit class with an empty definition - that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: - SchedulerName specifies the scheduler to - be used to dispatch the Pod - type: string - securityContext: - description: - "SecurityContext holds pod-level security - attributes and common container settings. Optional: - Defaults to empty. See type description for default - values of each field." - properties: - fsGroup: - description: - "A special supplemental group that - applies to all containers in a pod. Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. The - owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be - owned by FSGroup) 3. The permission bits are OR'd - with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: - 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the volume - before being exposed inside Pod. This field will - only apply to volume types which support fsGroup - based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' - type: string - runAsGroup: - description: - The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to - all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - properties: - level: - description: - Level is SELinux level label that - applies to the container. - type: string - role: - description: - Role is a SELinux role label that - applies to the container. - type: string - type: - description: - Type is a SELinux type label that - applies to the container. - type: string - user: - description: - User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by the containers - in this pod. - properties: - localhostProfile: - description: - localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - supplementalGroups: - description: - A list of groups applied to the first - process run in each container, in addition to - the container's primary GID. If unspecified, - no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: - Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls - (by the container runtime) might fail to launch. - items: - description: - Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: - The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container - should be run as a 'Host Process' container. - This field is alpha-level and will only be - honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the - feature flag will result in errors when validating - the Pod. All of a Pod's containers must have - the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: - The pod this Toleration is attached to - tolerates any taint that matches the triple - using the matching operator . - properties: - effect: - description: - Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: - Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values and - all keys. - type: string - operator: - description: - Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: - TolerationSeconds represents the - period of time the toleration (which must be - of effect NoExecute, otherwise this field is - ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: - Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. - type: string - type: object - type: array - volumes: - description: - "List of volumes that can be mounted by - containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" - items: - description: - Volume represents a named volume in a - pod that may be accessed by any container in the - pod. - properties: - awsElasticBlockStore: - description: - "AWSElasticBlockStore represents - an AWS Disk resource that is attached to a kubelet's - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: - 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' - format: int32 - type: integer - readOnly: - description: - 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: - "Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: - AzureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. - properties: - cachingMode: - description: - "Host Caching mode: None, Read - Only, Read Write." - type: string - diskName: - description: - The Name of the data disk in - the blob storage - type: string - diskURI: - description: - The URI the data disk in the - blob storage - type: string - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: - "Expected values Shared: multiple - blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared" - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: - AzureFile represents an Azure File - Service mount on the host and bind mount to - the pod. - properties: - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: - the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: - CephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: - description: - "Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: - "Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /" - type: string - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: - "Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: - "Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: - "Cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: - 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: - "Optional: points to a secret - object containing parameters used to connect - to OpenStack." - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeID: - description: - "volume id used to identify the - volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: - ConfigMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: - "Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: - Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - csi: - description: - CSI (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: - Driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: - description: - Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: - NodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver to - complete the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. If the - secret object contains more than one secret, - all secret references are passed. - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - readOnly: - description: - Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: - VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. - Consult your driver's documentation for - supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: - DownwardAPI represents downward API - about the pod that should populate this volume - properties: - defaultMode: - description: - "Optional: mode bits to use on - created files by default. Must be a Optional: - mode bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - items: - description: - Items is a list of downward API - volume file - items: - description: - DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: - "Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported." - properties: - apiVersion: - description: - Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - "Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the '..' path. Must be utf-8 - encoded. The first item of the relative - path must not start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported." - properties: - containerName: - description: - "Container name: required - for volumes, optional for env - vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: - "EmptyDir represents a temporary - directory that shares a pod's lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: - 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: - "Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: - "Ephemeral represents a volume that - is handled by a cluster storage driver. The - volume's lifecycle is tied to the pod that defines - it - it will be created before the pod starts, - and deleted when the pod is removed. \n Use - this if: a) the volume is only needed while - the pod runs, b) features of normal volumes - like restoring from snapshot or capacity tracking - are needed, c) the storage driver is specified - through a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between - this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than - the lifecycle of an individual pod. \n Use CSI - for light-weight local ephemeral volumes if - the CSI driver is meant to be used that way - - see the documentation of the driver for more - information. \n A pod can use both types of - ephemeral volumes and persistent volumes at - the same time. \n This is a beta feature and - only available when the GenericEphemeralVolume - feature gate is enabled." - properties: - volumeClaimTemplate: - description: - "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The - name of the PVC will be `-` where `` is the name - from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the - concatenated name is not valid for a PVC - (for example, too long). \n An existing - PVC with that name that is not owned by - the pod will *not* be used for the pod to - avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the - unrelated PVC is removed. If such a pre-created - PVC is meant to be used by the pod, the - PVC has to updated with an owner reference - to the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing a - broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. \n - Required, must not be nil." - properties: - metadata: - description: - May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. - type: object - spec: - description: - The specification for the - PersistentVolumeClaim. The entire content - is copied unchanged into the PVC that - gets created from this template. The - same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: - "AccessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: - "This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of - the specified data source. If the - AnyVolumeDataSource feature gate - is enabled, this field will always - have the same contents as the DataSourceRef - field." - properties: - apiGroup: - description: - APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type - of resource being referenced - type: string - name: - description: - Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: - "Specifies the object - from which to populate the volume - with data, if a non-empty volume - is desired. This may be any local - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume populator - or dynamic provisioner. This field - will replace the functionality of - the DataSource field and as such - if both fields are non-empty, they - must have the same value. For backwards - compatibility, both fields (DataSource - and DataSourceRef) will be set to - the same value automatically if - one of them is empty and the other - is non-empty. There are two important - differences between DataSource and - DataSourceRef: * While DataSource - only allows two specific types of - objects, DataSourceRef allows - any non-core object, as well as - PersistentVolumeClaim objects. * - While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error - if a disallowed value is specified. - (Alpha) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled." - properties: - apiGroup: - description: - APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any - other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type - of resource being referenced - type: string - name: - description: - Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: - "Resources represents - the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - selector: - description: - A label query over volumes - to consider for binding. - properties: - matchExpressions: - description: - matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: - A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: - key is the - label key that the selector - applies to. - type: string - operator: - description: - operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - storageClassName: - description: - "Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: - volumeMode defines what - type of volume is required by the - claim. Value of Filesystem is implied - when not included in claim spec. - type: string - volumeName: - description: - VolumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: - FC represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: - description: - 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: - "Optional: FC target worldwide - names (WWNs)" - items: - type: string - type: array - wwids: - description: - "Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: - FlexVolume represents a generic volume - resource that is provisioned/attached using - an exec based plugin. - properties: - driver: - description: - Driver is the name of the driver - to use for this volume. - type: string - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: - "Optional: Extra command options - if any." - type: object - readOnly: - description: - "Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: - "Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts." - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: - Flocker represents a Flocker volume - attached to a kubelet's host machine. This depends - on the Flocker control service being running - properties: - datasetName: - description: - Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: - UUID of the dataset. This is - unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: - "GCEPersistentDisk represents a GCE - Disk resource that is attached to a kubelet's - host machine and then exposed to the pod. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: - 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: - "Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: - "ReadOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: - "GitRepo represents a git repository - at a particular revision. DEPRECATED: GitRepo - is deprecated. To provision a container with - a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the - EmptyDir into the Pod's container." - properties: - directory: - description: - Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: - Commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: - "Glusterfs represents a Glusterfs - mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: - "EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: - "Path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: - "ReadOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: - "HostPath represents a pre-existing - file or directory on the host machine that is - directly exposed to the container. This is generally - used for system agents or other privileged things - that are allowed to see the host machine. Most - containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can - use host directory mounts and who can/can not - mount host directories as read/write." - properties: - path: - description: - "Path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: - 'Type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: - "ISCSI represents an ISCSI Disk resource - that is attached to a kubelet's host machine - and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: - whether support iSCSI Discovery - CHAP authentication - type: boolean - chapAuthSession: - description: - whether support iSCSI Session - CHAP authentication - type: boolean - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: - description: - Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: - iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: - iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: - ReadOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: - description: - CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - targetPortal: - description: - iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: - "Volume's name. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: - "NFS represents an NFS mount on the - host that shares a pod's lifetime More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: - "Path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: - "ReadOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: - "Server is the hostname or IP - address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: - "PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: - "ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this - volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: - Will force the ReadOnly setting - in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: - PhotonPersistentDisk represents a - PhotonController persistent disk attached and - mounted on kubelets host machine - properties: - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: - ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: - PortworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: - FSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: - VolumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: - Items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: - Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: - Projection that may be projected - along with other supported volume types - properties: - configMap: - description: - information about the configMap - data to project - properties: - items: - description: - If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - items: - description: - Maps a string key - to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode - bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set." - format: int32 - type: integer - path: - description: - The relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - ConfigMap or its keys must be - defined - type: boolean - type: object - downwardAPI: - description: - information about the downwardAPI - data to project - properties: - items: - description: - Items is a list of - DownwardAPIVolume file - items: - description: - DownwardAPIVolumeFile - represents information to create - the file containing the pod - field - properties: - fieldRef: - description: - "Required: Selects - a field of the pod: only - annotations, labels, name - and namespace are supported." - properties: - apiVersion: - description: - Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: - Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode - bits used to set permissions - on this file, must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set." - format: int32 - type: integer - path: - description: - "Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the '..' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - '..'" - type: string - resourceFieldRef: - description: - "Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported." - properties: - containerName: - description: - "Container - name: required for volumes, - optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies - the output format of - the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: - resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: - information about the secret - data to project - properties: - items: - description: - If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - items: - description: - Maps a string key - to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode - bits used to set permissions - on this file. Must be an - octal value between 0000 - and 0777 or a decimal value - between 0 and 511. YAML - accepts both octal and decimal - values, JSON requires decimal - values for mode bits. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, like - fsGroup, and the result - can be other mode bits set." - format: int32 - type: integer - path: - description: - The relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the - Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: - information about the serviceAccountToken - data to project - properties: - audience: - description: - Audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified in - the audience of the token, and - otherwise should reject the token. - The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: - ExpirationSeconds is - the requested duration of validity - of the service account token. - As the token approaches expiration, - the kubelet volume plugin will - proactively rotate the service - account token. The kubelet will - start trying to rotate the token - if the token is older than 80 - percent of its time to live or - if the token is older than 24 - hours.Defaults to 1 hour and must - be at least 10 minutes. - format: int64 - type: integer - path: - description: - Path is the path relative - to the mount point of the file - to project the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: - Quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: - Group to map volume access to - Default is no group - type: string - readOnly: - description: - ReadOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. - type: boolean - registry: - description: - Registry represents a single - or multiple Quobyte Registry services specified - as a string as host:port pair (multiple - entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: - Tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is set - by the plugin - type: string - user: - description: - User to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: - Volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: - "RBD represents a Rados Block Device - mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: - 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: - description: - "The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: - "Keyring is the path to key ring - for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: - "A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: - "The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: - "ReadOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: - "SecretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - user: - description: - "The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: - ScaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: - The host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: - The name of the ScaleIO Protection - Domain for the configured storage. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef references to the secret - for ScaleIO user and other sensitive information. - If this is not provided, Login operation - will fail. - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - sslEnabled: - description: - Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: - Indicates whether the storage - for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: - The ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: - The name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: - The name of a volume already - created in the ScaleIO system that is associated - with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: - "Secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: - "Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: - Specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: - "Name of the secret in the pod's - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: - StorageOS represents a StorageOS - volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef specifies the secret - to use for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: - name: - description: - "Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - type: object - volumeName: - description: - VolumeName is the human-readable - name of the StorageOS volume. Volume names - are only unique within a namespace. - type: string - volumeNamespace: - description: - VolumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. - Set to "default" if you are not using namespaces - within StorageOS. Namespaces that do not - pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: - VsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: - Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: - Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: - Storage Policy Based Management - (SPBM) profile name. - type: string - volumePath: - description: - Path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - imagePullSecrets - type: object - taskServiceAccountName: - type: string - type: object - type: array - timeout: - description: - "Time after which the Pipeline times out. Defaults - to never. Refer to Go's ParseDuration documentation for expected - format: https://golang.org/pkg/time/#ParseDuration" - type: string - workspaces: - description: - Workspaces holds a set of workspace bindings that - must match names with those declared in the pipeline. - items: - description: - WorkspaceBinding maps a Task's declared workspace - to a Volume. - properties: - configMap: - description: - ConfigMap represents a configMap that should - populate this workspace. - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal value - between 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to set - permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap or its keys - must be defined - type: boolean - type: object - emptyDir: - description: - "EmptyDir represents a temporary directory - that shares a Task's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - Either this OR PersistentVolumeClaim can be used." - properties: - medium: - description: - 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: - "Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - name: - description: - Name is the name of the workspace populated - by the volume. - type: string - persistentVolumeClaim: - description: - PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - Either this OR EmptyDir can be used. - properties: - claimName: - description: - "ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: - Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - secret: - description: - Secret represents a secret that should populate - this workspace. - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal value - between 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - items: - description: - Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to set - permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: - Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: - "Name of the secret in the pod's namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - subPath: - description: - SubPath is optionally a directory on the volume - which should be used for this binding (i.e. the volume - will be mounted at this sub directory). - type: string - volumeClaimTemplate: - description: - VolumeClaimTemplate is a template for a claim - that will be created in the same namespace. The PipelineRun - controller is responsible for creating a unique claim - for each instance of PipelineRun. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the - REST resource this object represents. Servers may - infer this from the endpoint the client submits requests - to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - description: - "Standard object's metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" - type: object - spec: - description: - "Spec defines the desired characteristics - of a volume requested by a pod author. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: - "AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: - "This field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field." - properties: - apiGroup: - description: - APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type of resource being - referenced - type: string - name: - description: - Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: - "Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - DataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as - well as PersistentVolumeClaim objects. * While - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled." - properties: - apiGroup: - description: - APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: - Kind is the type of resource being - referenced - type: string - name: - description: - Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - resources: - description: - "Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - selector: - description: - A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - storageClassName: - description: - "Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: - volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: - VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - status: - description: - "Status represents the current information/status - of a persistent volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: - "AccessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - Represents the actual resources of - the underlying volume. - type: object - conditions: - description: - Current Condition of persistent volume - claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: - PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: - Last time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: - Human-readable message indicating - details about last transition. - type: string - reason: - description: - Unique, this should be a short, - machine understandable string that gives - the reason for condition's last transition. - If it reports "ResizeStarted" that means - the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - description: - PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: - Phase represents the current phase - of PersistentVolumeClaim. - type: string - type: object - type: object - required: - - name - type: object - type: array - type: object - pod_spec: - description: - PodSpec provides the basis for running the test under - a Kubernetes agent - properties: - activeDeadlineSeconds: - description: - Optional duration in seconds the pod may be active - on the node relative to StartTime before the system will actively - try to mark it failed and kill associated containers. Value - must be a positive integer. - format: int64 - type: integer - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: - Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: - An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: - A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: - Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. - properties: - nodeSelectorTerms: - description: - Required. A list of node selector terms. - The terms are ORed. - items: - description: - A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: - A list of node selector requirements - by node's labels. - items: - description: - A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: - A list of node selector requirements - by node's fields. - items: - description: - A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - The label key that the selector - applies to. - type: string - operator: - description: - Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: - An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: - Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. This - field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: - Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: - Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: - The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: - The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: - Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. This - field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: - weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: - If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: - Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running - properties: - labelSelector: - description: - A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaceSelector: - description: - A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: - A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: - key is the label key that - the selector applies to. - type: string - operator: - description: - operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: - namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: - This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: - AutomountServiceAccountToken indicates whether a - service account token should be automatically mounted. - type: boolean - containers: - description: - List of containers belonging to the pod. Containers - cannot currently be added or removed. There must be at least - one container in a Pod. Cannot be updated. - items: - description: - A single application container that you want to - run within a pod. - properties: - args: - description: - 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. Double $$ are reduced to a single $, which - allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to set in the - container. Cannot be updated. - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env - with a duplicate key will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the source of a - set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: - An optional identifier to prepend to - each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: - "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately after - a container is created. If the handler fails, the - container is terminated and restarted according to - its restart policy. Other management of the container - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately before a - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The reason for - termination is passed to the handler. The Pod's termination - grace period countdown begins before the PreStop hooked - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the - Pod's termination grace period. Other management - of the container blocks until the hook completes or - until the termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: - List of ports to expose from the container. - Exposing a port here gives the system additional information - about the network connections a container uses, but is - primarily informational. Not specifying a port here DOES - NOT prevent that port from being exposed. Any port which - is listening on the default "0.0.0.0" address inside a - container will be accessible from the network. Cannot - be updated. - items: - description: - ContainerPort represents a network port in - a single container. - properties: - containerPort: - description: - Number of port to expose on the pod's - IP address. This must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the external port - to. - type: string - hostPort: - description: - Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, this - must match ContainerPort. Most containers do not - need this. - format: int32 - type: integer - name: - description: - If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a - pod must have a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - "Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - securityContext: - description: - "SecurityContext defines the security options - the container should be run with. If set, the fields of - SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: - Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has a read-only - root filesystem. Default is false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if - it does. If unset or false, no such validation will - be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the - pod options. - properties: - localhostProfile: - description: - localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp - profile will be applied. Valid options are: \n - Localhost - a profile defined in a file on the - node should be used. RuntimeDefault - the container - runtime default profile should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the - Pod. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the - entrypoint of the container process. Defaults - to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed - until this completes successfully. If this probe fails, - the Pod will be restarted, just as if the livenessProbe - failed. This can be used to provide different probe parameters - at the beginning of a Pod's lifecycle, when it might - take a long time to load data or warm a cache, than during - steady-state operation. This cannot be updated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce is - set to true, stdin is opened on container start, is empty - until the first client attaches to stdin, and then remains - open and accepts data until the client disconnects, at - which time stdin is closed and remains closed until the - container is restarted. If this flag is false, a container - processes that reads from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the file to which - the container's termination message will be written is - mounted into the container's filesystem. Message written - is intended to be brief final status, such as an assertion - failure message. Will be truncated by the node if greater - than 4096 bytes. The total message length across all containers - will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default - is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block devices - to be used by the container. - items: - description: - volumeDevice describes a mapping of a raw - block device within a container. - properties: - devicePath: - description: - devicePath is the path inside of the - container that the device will be mapped to. - type: string - name: - description: - name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: - VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: - Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: - Path within the volume from which the - container's volume should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: - Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - dnsConfig: - description: - Specifies the DNS parameters of a pod. Parameters - specified here will be merged to the generated DNS configuration - based on DNSPolicy. - properties: - nameservers: - description: - A list of DNS name server IP addresses. This - will be appended to the base nameservers generated from - DNSPolicy. Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: - A list of DNS resolver options. This will be - merged with the base options generated from DNSPolicy. Duplicated - entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: - PodDNSConfigOption defines DNS resolver options - of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated - from DNSPolicy. Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: - Set DNS policy for the pod. Defaults to "ClusterFirst". - Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given in DNSConfig will - be merged with the policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have to specify DNS - policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: - "EnableServiceLinks indicates whether information - about services should be injected into pod's environment variables, - matching the syntax of Docker links. Optional: Defaults to true." - type: boolean - ephemeralContainers: - description: - List of ephemeral containers run in this pod. Ephemeral - containers may be run in an existing pod to perform user-initiated - actions such as debugging. This list cannot be specified when - creating a pod, and it cannot be modified by updating the pod - spec. In order to add an ephemeral container to an existing - pod, use the pod's ephemeralcontainers subresource. This field - is alpha-level and is only honored by servers that enable the - EphemeralContainers feature. - items: - description: - An EphemeralContainer is a container that may be - added temporarily to an existing pod for user-initiated activities - such as debugging. Ephemeral containers have no resource or - scheduling guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. If an ephemeral - container causes a pod to exceed its resource allocation, - the pod may be evicted. Ephemeral containers may not be added - by directly updating the pod spec. They must be added via - the pod's ephemeralcontainers subresource, and they will appear - in the pod spec once added. This is an alpha feature enabled - by the EphemeralContainers feature flag. - properties: - args: - description: - 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. Double $$ are reduced to a single $, which - allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to set in the - container. Cannot be updated. - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env - with a duplicate key will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the source of a - set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: - An optional identifier to prepend to - each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images" - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral containers. - properties: - postStart: - description: - "PostStart is called immediately after - a container is created. If the handler fails, the - container is terminated and restarted according to - its restart policy. Other management of the container - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately before a - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The reason for - termination is passed to the handler. The Pod's termination - grace period countdown begins before the PreStop hooked - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the - Pod's termination grace period. Other management - of the container blocks until the hook completes or - until the termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Probes are not allowed for ephemeral containers. - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the ephemeral container specified as - a DNS_LABEL. This name must be unique among all containers, - init containers and ephemeral containers. - type: string - ports: - description: Ports are not allowed for ephemeral containers. - items: - description: - ContainerPort represents a network port in - a single container. - properties: - containerPort: - description: - Number of port to expose on the pod's - IP address. This must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the external port - to. - type: string - hostPort: - description: - Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, this - must match ContainerPort. Most containers do not - need this. - format: int32 - type: integer - name: - description: - If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a - pod must have a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: Probes are not allowed for ephemeral containers. - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - Resources are not allowed for ephemeral containers. - Ephemeral containers use spare resources already allocated - to the pod. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - securityContext: - description: - "Optional: SecurityContext defines the security - options the ephemeral container should be run with. If - set, the fields of SecurityContext override the equivalent - fields of PodSecurityContext." - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: - Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has a read-only - root filesystem. Default is false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if - it does. If unset or false, no such validation will - be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the - pod options. - properties: - localhostProfile: - description: - localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp - profile will be applied. Valid options are: \n - Localhost - a profile defined in a file on the - node should be used. RuntimeDefault - the container - runtime default profile should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the - Pod. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the - entrypoint of the container process. Defaults - to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: Probes are not allowed for ephemeral containers. - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce is - set to true, stdin is opened on container start, is empty - until the first client attaches to stdin, and then remains - open and accepts data until the client disconnects, at - which time stdin is closed and remains closed until the - container is restarted. If this flag is false, a container - processes that reads from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: - If set, the name of the container from PodSpec - that this ephemeral container targets. The ephemeral container - will be run in the namespaces (IPC, PID, etc) of this - container. If not set then the ephemeral container is - run in whatever namespaces are shared for the pod. Note - that the container runtime must support this feature. - type: string - terminationMessagePath: - description: - "Optional: Path at which the file to which - the container's termination message will be written is - mounted into the container's filesystem. Message written - is intended to be brief final status, such as an assertion - failure message. Will be truncated by the node if greater - than 4096 bytes. The total message length across all containers - will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default - is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block devices - to be used by the container. - items: - description: - volumeDevice describes a mapping of a raw - block device within a container. - properties: - devicePath: - description: - devicePath is the path inside of the - container that the device will be mapped to. - type: string - name: - description: - name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: - VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: - Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: - Path within the volume from which the - container's volume should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: - Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - hostAliases: - description: - HostAliases is an optional list of hosts and IPs - that will be injected into the pod's hosts file if specified. - This is only valid for non-hostNetwork pods. - items: - description: - HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - hostIPC: - description: - "Use the host's ipc namespace. Optional: Default - to false." - type: boolean - hostNetwork: - description: - Host networking requested for this pod. Use the host's - network namespace. If this option is set, the ports that will - be used must be specified. Default to false. - type: boolean - hostPID: - description: - "Use the host's pid namespace. Optional: Default - to false." - type: boolean - hostname: - description: - Specifies the hostname of the Pod If not specified, - the pod's hostname will be set to a system-defined value. - type: string - imagePullSecrets: - description: - "ImagePullSecrets is an optional list of references - to secrets in the same namespace to use for pulling any of the - images used by this PodSpec. If specified, these secrets will - be passed to individual puller implementations for them to use. - For example, in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod" - items: - description: - LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - type: array - initContainers: - description: - "List of initialization containers belonging to the - pod. Init containers are executed in order prior to containers - being started. If any init container fails, the pod is considered - to have failed and is handled according to its restartPolicy. - The name for an init container or normal container must be unique - among all containers. Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, or Startup probes. - The resourceRequirements of an init container are taken into - account during scheduling by finding the highest request/limit - for each resource type, and then using the max of of that value - or the sum of the normal containers. Limits are applied to init - containers in a similar fashion. Init containers cannot currently - be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" - items: - description: - A single application container that you want to - run within a pod. - properties: - args: - description: - 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string literal - "$(VAR_NAME)". Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: - 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. Double $$ are reduced to a single $, which - allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: - List of environment variables to set in the - container. Cannot be updated. - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: - 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless of - whether the variable exists or not. Defaults to - "".' - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: - "Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['']`, - `metadata.annotations['']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported." - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: - List of sources to populate environment variables - in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists - in multiple sources, the value associated with the last - source will take precedence. Values defined by an Env - with a duplicate key will take precedence. Cannot be updated. - items: - description: - EnvFromSource represents the source of a - set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the ConfigMap must - be defined - type: boolean - type: object - prefix: - description: - An optional identifier to prepend to - each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - optional: - description: - Specify whether the Secret must be - defined - type: boolean - type: object - type: object - type: array - image: - description: - "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: - "Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: - Actions that the management system should take - in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: - "PostStart is called immediately after - a container is created. If the handler fails, the - container is terminated and restarted according to - its restart policy. Other management of the container - blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: - "PreStop is called immediately before a - container is terminated due to an API request or management - event such as liveness/startup probe failure, preemption, - resource contention, etc. The handler is not called - if the container crashes or exits. The reason for - termination is passed to the handler. The Pod's termination - grace period countdown begins before the PreStop hooked - is executed. Regardless of the outcome of the handler, - the container will eventually terminate within the - Pod's termination grace period. Other management - of the container blocks until the hook completes or - until the termination grace period is reached. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: - HTTPGet specifies the http request - to perform. - properties: - host: - description: - Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to - the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect - to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: - "Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: - Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: - List of ports to expose from the container. - Exposing a port here gives the system additional information - about the network connections a container uses, but is - primarily informational. Not specifying a port here DOES - NOT prevent that port from being exposed. Any port which - is listening on the default "0.0.0.0" address inside a - container will be accessible from the network. Cannot - be updated. - items: - description: - ContainerPort represents a network port in - a single container. - properties: - containerPort: - description: - Number of port to expose on the pod's - IP address. This must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: - What host IP to bind the external port - to. - type: string - hostPort: - description: - Number of port to expose on the host. - If specified, this must be a valid port number, - 0 < x < 65536. If HostNetwork is specified, this - must match ContainerPort. Most containers do not - need this. - format: int32 - type: integer - name: - description: - If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a - pod must have a unique name. Name for the port that - can be referred to by services. - type: string - protocol: - default: TCP - description: - Protocol for port. Must be UDP, TCP, - or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: - "Periodic probe of container service readiness. - Container will be removed from service endpoints if the - probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: - "Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - securityContext: - description: - "SecurityContext defines the security options - the container should be run with. If set, the fields of - SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: - "AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent - process. This bool directly controls if the no_new_privs - flag will be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: - The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: - Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: - Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. - type: boolean - procMount: - description: - procMount denotes the type of proc mount - to use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: - Whether this container has a read-only - root filesystem. Default is false. - type: boolean - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as - a non-root user. If true, the Kubelet will validate - the image at runtime to ensure that it does not run - as UID 0 (root) and fail to start the container if - it does. If unset or false, no such validation will - be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to the - container. If unspecified, the container runtime will - allocate a random SELinux context for each container. May - also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by this container. - If seccomp options are provided at both the pod & - container level, the container options override the - pod options. - properties: - localhostProfile: - description: - localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative to - the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp - profile will be applied. Valid options are: \n - Localhost - a profile defined in a file on the - node should be used. RuntimeDefault - the container - runtime default profile should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: - The Windows specific settings applied to - all containers. If unspecified, the options from the - PodSecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA - admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec - named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container - should be run as a 'Host Process' container. This - field is alpha-level and will only be honored - by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature - flag will result in errors when validating the - Pod. All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the - entrypoint of the container process. Defaults - to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: - "StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed - until this completes successfully. If this probe fails, - the Pod will be restarted, just as if the livenessProbe - failed. This can be used to provide different probe parameters - at the beginning of a Pod's lifecycle, when it might - take a long time to load data or warm a cache, than during - steady-state operation. This cannot be updated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: - One and only one of the following should - be specified. Exec specifies the action to take. - properties: - command: - description: - Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: - Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: - Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: - Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: - HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: - Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: - Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: - "Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum - value is 1. - format: int32 - type: integer - tcpSocket: - description: - "TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook" - properties: - host: - description: - "Optional: Host name to connect to, - defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: - Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and - the time when the processes are forcibly halted with - a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, - the pod's terminationGracePeriodSeconds will be used. - Otherwise, this value overrides the value provided - by the pod spec. Value must be non-negative integer. - The value zero indicates stop immediately via the - kill signal (no opportunity to shut down). This is - a beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: - "Number of seconds after which the probe - times out. Defaults to 1 second. Minimum value is - 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: - Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, - reads from stdin in the container will always result in - EOF. Default is false. - type: boolean - stdinOnce: - description: - Whether the container runtime should close - the stdin channel after it has been opened by a single - attach. When stdin is true the stdin stream will remain - open across multiple attach sessions. If stdinOnce is - set to true, stdin is opened on container start, is empty - until the first client attaches to stdin, and then remains - open and accepts data until the client disconnects, at - which time stdin is closed and remains closed until the - container is restarted. If this flag is false, a container - processes that reads from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: - "Optional: Path at which the file to which - the container's termination message will be written is - mounted into the container's filesystem. Message written - is intended to be brief final status, such as an assertion - failure message. Will be truncated by the node if greater - than 4096 bytes. The total message length across all containers - will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated." - type: string - terminationMessagePolicy: - description: - Indicate how the termination message should - be populated. File will use the contents of terminationMessagePath - to populate the container status message on both success - and failure. FallbackToLogsOnError will use the last chunk - of container log output if the termination message file - is empty and the container exited with an error. The log - output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: - Whether this container should allocate a TTY - for itself, also requires 'stdin' to be true. Default - is false. - type: boolean - volumeDevices: - description: - volumeDevices is the list of block devices - to be used by the container. - items: - description: - volumeDevice describes a mapping of a raw - block device within a container. - properties: - devicePath: - description: - devicePath is the path inside of the - container that the device will be mapped to. - type: string - name: - description: - name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: - Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: - VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: - Path within the container at which the - volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: - mountPropagation determines how mounts - are propagated from the host to container and the - other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: - Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: - Path within the volume from which the - container's volume should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: - Expanded path within the volume from - which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable - references $(VAR_NAME) are expanded using the container's - environment. Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: - Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - nodeName: - description: - NodeName is a request to schedule this pod onto a - specific node. If it is non-empty, the scheduler simply schedules - this pod onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: - "NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node's - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" - type: object - x-kubernetes-map-type: atomic - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Overhead represents the resource overhead associated - with running a pod for a given RuntimeClass. This field will - be autopopulated at admission time by the RuntimeClass admission - controller. If the RuntimeClass admission controller is enabled, - overhead must not be set in Pod create requests. The RuntimeClass - admission controller will reject Pod create requests which have - the overhead already set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will be set to the value defined - in the corresponding RuntimeClass, otherwise it will remain - unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - This field is beta-level as of Kubernetes v1.18, and is only - honored by servers that enable the PodOverhead feature." - type: object - preemptionPolicy: - description: - PreemptionPolicy is the Policy for preempting pods - with lower priority. One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This field is beta-level, - gated by the NonPreemptingPriority feature-gate. - type: string - priority: - description: - The priority value. Various system components use - this field to find the priority of the pod. When Priority Admission - Controller is enabled, it prevents users from setting this field. - The admission controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: - If specified, indicates the pod's priority. "system-node-critical" - and "system-cluster-critical" are two special keywords which - indicate the highest priorities with the former being the highest - priority. Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority will - be default or zero if there is no default. - type: string - readinessGates: - description: - 'If specified, all readiness gates will be evaluated - for pod readiness. A pod is ready when all its containers are - ready AND all conditions specified in the readiness gates have - status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' - items: - description: - PodReadinessGate contains the reference to a pod - condition - properties: - conditionType: - description: - ConditionType refers to a condition in the - pod's condition list with matching type. - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - description: - "Restart policy for all containers within the pod. - One of Always, OnFailure, Never. Default to Always. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy" - type: string - runtimeClassName: - description: - 'RuntimeClassName refers to a RuntimeClass object - in the node.k8s.io group, which should be used to run this pod. If - no RuntimeClass resource matches the named class, the pod will - not be run. If unset or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with an empty definition - that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: - If specified, the pod will be dispatched by specified - scheduler. If not specified, the pod will be dispatched by default - scheduler. - type: string - securityContext: - description: - "SecurityContext holds pod-level security attributes - and common container settings. Optional: Defaults to empty. See - type description for default values of each field." - properties: - fsGroup: - description: - "A special supplemental group that applies to - all containers in a pod. Some volume types allow the Kubelet - to change the ownership of that volume to be owned by the - pod: \n 1. The owning GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume will be owned - by FSGroup) 3. The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify the ownership and - permissions of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: - 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used.' - type: string - runAsGroup: - description: - The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: - Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: - The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. - properties: - level: - description: - Level is SELinux level label that applies - to the container. - type: string - role: - description: - Role is a SELinux role label that applies - to the container. - type: string - type: - description: - Type is a SELinux type label that applies - to the container. - type: string - user: - description: - User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: - The seccomp options to use by the containers - in this pod. - properties: - localhostProfile: - description: - localhostProfile indicates a profile defined - in a file on the node should be used. The profile must - be preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: - "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile - should be used. Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: - A list of groups applied to the first process - run in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: - Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: - The Windows specific settings applied to all - containers. If unspecified, the options within a container's - SecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - properties: - gmsaCredentialSpec: - description: - GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: - GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: - HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: - The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - serviceAccount: - description: - "DeprecatedServiceAccount is a depreciated alias - for ServiceAccountName. Deprecated: Use serviceAccountName instead." - type: string - serviceAccountName: - description: - "ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/" - type: string - setHostnameAsFQDN: - description: - If true the pod's hostname will be configured as - the pod's FQDN, rather than the leaf name (the default). In - Linux containers, this means setting the FQDN in the hostname - field of the kernel (the nodename field of struct utsname). - In Windows containers, this means setting the registry value - of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no effect. Default - to false. - type: boolean - shareProcessNamespace: - description: - "Share a single process namespace between all of - the containers in a pod. When this is set containers will be - able to view and signal processes from other containers in the - same pod, and the first process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false." - type: boolean - subdomain: - description: - If specified, the fully qualified Pod hostname will - be "...svc.". - If not specified, the pod will not have a domainname at all. - type: string - terminationGracePeriodSeconds: - description: - Optional duration in seconds the pod needs to terminate - gracefully. May be decreased in delete request. Value must be - non-negative integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). If this value - is nil, the default grace period will be used instead. The grace - period is the duration in seconds after the processes running - in the pod are sent a termination signal and the time when the - processes are forcibly halted with a kill signal. Set this value - longer than the expected cleanup time for your process. Defaults - to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: - The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: - Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: - Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: - Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: - TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: - Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: - TopologySpreadConstraints describes how a group of - pods ought to spread across topology domains. Scheduler will - schedule pods in a way which abides by the constraints. All - topologySpreadConstraints are ANDed. - items: - description: - TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: - "MaxSkew describes the degree to which pods - may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global - minimum. For example, in a 3-zone cluster, MaxSkew is - set to 1, and pods with the same labelSelector spread - as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling it onto zone1(zone2) - would make the ActualSkew(2-0) on zone1(zone2) violate - MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled - onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that - satisfy it. It's a required field. Default value is 1 - and 0 is not allowed." - format: int32 - type: integer - topologyKey: - description: - TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values are - considered to be in the same topology. We consider each - as a "bucket", and try to put balanced number - of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: - 'WhenUnsatisfiable indicates how to deal with - a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule - it. - ScheduleAnyway tells the scheduler to schedule the - pod in any location, but giving higher precedence to - topologies that would help reduce the skew. A constraint - is considered "Unsatisfiable" for an incoming pod if and - only if every possible node assigment for that pod would - violate "MaxSkew" on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, and pods with the - same labelSelector spread as 3/1/1: | zone1 | zone2 | - zone3 | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). In other words, - the cluster can still be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: - "List of volumes that can be mounted by containers - belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes" - items: - description: - Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: - "AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet's host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: - 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: - 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - format: int32 - type: integer - readOnly: - description: - 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: - "Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: - AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: - "Host Caching mode: None, Read Only, Read - Write." - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: - "Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared" - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: - AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: - the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: - CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: - "Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: - "Optional: Used as the mounted root, rather - than the full Ceph tree, default is /" - type: string - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: - "Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: - "Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - user: - description: - "Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: - "Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: - 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: - "Optional: points to a secret object containing - parameters used to connect to OpenStack." - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - volumeID: - description: - "volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: - ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal value - between 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to set - permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap or its keys - must be defined - type: boolean - type: object - csi: - description: - CSI (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: - Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: - Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: - NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - readOnly: - description: - Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: - VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: - DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: - "Optional: mode bits to use on created - files by default. Must be a Optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - items: - description: - Items is a list of downward API volume - file - items: - description: - DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: - "Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported." - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits used to set - permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - path: - description: - "Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the '..' path. Must - be utf-8 encoded. The first item of the relative - path must not start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported." - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: - "EmptyDir represents a temporary directory - that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: - 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: - "Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: - "Ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is - tied to the pod that defines it - it will be created before - the pod starts, and deleted when the pod is removed. \n - Use this if: a) the volume is only needed while the pod - runs, b) features of normal volumes like restoring from - snapshot or capacity tracking are needed, c) the storage - driver is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning through - \ a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n - Use CSI for light-weight local ephemeral volumes if the - CSI driver is meant to be used that way - see the documentation - of the driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes at the - same time. \n This is a beta feature and only available - when the GenericEphemeralVolume feature gate is enabled." - properties: - volumeClaimTemplate: - description: - "Will be used to create a stand-alone PVC - to provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the - PVC will be deleted together with the pod. The name - of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the pod if - the concatenated name is not valid for a PVC (for - example, too long). \n An existing PVC with that name - that is not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is meant - to be used by the pod, the PVC has to updated with - an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may - be useful when manually reconstructing a broken cluster. - \n This field is read-only and no changes will be - made by Kubernetes to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: - May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be rejected - during validation. - type: object - spec: - description: - The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the - PVC that gets created from this template. The - same fields as in a PersistentVolumeClaim are - also valid here. - properties: - accessModes: - description: - "AccessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: - "This field can be used to specify - either: * An existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) * - An existing PVC (PersistentVolumeClaim) If - the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always - have the same contents as the DataSourceRef - field." - properties: - apiGroup: - description: - APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: - Kind is the type of resource - being referenced - type: string - name: - description: - Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - dataSourceRef: - description: - "Specifies the object from which - to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this - field is specified, volume binding will only - succeed if the type of the specified object - matches some installed volume populator or - dynamic provisioner. This field will replace - the functionality of the DataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, both fields (DataSource and - DataSourceRef) will be set to the same value - automatically if one of them is empty and - the other is non-empty. There are two important - differences between DataSource and DataSourceRef: - * While DataSource only allows two specific - types of objects, DataSourceRef allows any - non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed - values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed - value is specified. (Alpha) Using this field - requires the AnyVolumeDataSource feature gate - to be enabled." - properties: - apiGroup: - description: - APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: - Kind is the type of resource - being referenced - type: string - name: - description: - Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - resources: - description: - "Resources represents the minimum - resources the volume should have. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: - "Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" - type: object - type: object - selector: - description: - A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: - matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: - A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key - that the selector applies to. - type: string - operator: - description: - operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: - "Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: - volumeMode defines what type of - volume is required by the claim. Value of - Filesystem is implied when not included in - claim spec. - type: string - volumeName: - description: - VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: - FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: - 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" - items: - type: string - type: array - wwids: - description: - "Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: - FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: - Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: "Optional: Extra command options if any." - type: object - readOnly: - description: - "Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: - "Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts." - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: - Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: - Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: - UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: - "GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet's host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: - 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: - 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: - "Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: - "ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: - "GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod's container." - properties: - directory: - description: - Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: - "Glusterfs represents a Glusterfs mount on - the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: - "EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: - "Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: - "ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: - "HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write." - properties: - path: - description: - "Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: - 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: - "ISCSI represents an ISCSI Disk resource that - is attached to a kubelet's host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: - 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: - Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: - iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: - iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: - ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: - CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - targetPortal: - description: - iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: - "Volume's name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: - "NFS represents an NFS mount on the host that - shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: - "Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: - "ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: - "Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: - "PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: - "ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: - Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: - PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: - ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: - PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: - FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: - VolumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: - Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: - Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. Directories within the - path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: - Projection that may be projected along - with other supported volume types - properties: - configMap: - description: - information about the configMap data - to project - properties: - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: - Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - downwardAPI: - description: - information about the downwardAPI - data to project - properties: - items: - description: - Items is a list of DownwardAPIVolume - file - items: - description: - DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: - "Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported." - properties: - apiVersion: - description: - Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: - "Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - "Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the '..' path. Must be utf-8 - encoded. The first item of the relative - path must not start with '..'" - type: string - resourceFieldRef: - description: - "Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported." - properties: - containerName: - description: - "Container name: required - for volumes, optional for env - vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: - "Required: resource - to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: - information about the secret data - to project - properties: - items: - description: - If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: - Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set." - format: int32 - type: integer - path: - description: - The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: - "Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?" - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - type: object - serviceAccountToken: - description: - information about the serviceAccountToken - data to project - properties: - audience: - description: - Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: - ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - format: int64 - type: integer - path: - description: - Path is the path relative to - the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: - Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: - Group to map volume access to Default is - no group - type: string - readOnly: - description: - ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: - Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: - Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: - User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: - Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: - "RBD represents a Rados Block Device mount - on the host that shares a pod's lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: - 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: - "Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: - "A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: - "The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: - "ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: - "SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - user: - description: - "The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: - ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: - The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - sslEnabled: - description: - Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: - Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: - The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: - The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: - The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: - "Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: - "Optional: mode bits used to set permissions - on created files by default. Must be an octal value - between 0000 and 0777 or a decimal value between 0 - and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set." - format: int32 - type: integer - items: - description: - If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - items: - description: - Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: - "Optional: mode bits used to set - permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set." - format: int32 - type: integer - path: - description: - The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: - Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: - "Name of the secret in the pod's namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: - StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: - Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: - SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?" - type: string - type: object - volumeName: - description: - VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: - VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - type: object - vsphereVolume: - description: - VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: - Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: - Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: - Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - containers - type: object - prowjob_defaults: - description: - ProwJobDefault holds configuration options provided as - defaults in the Prow config - properties: - tenant_id: - type: string - type: object - refs: - description: - Refs is the code under test, determined at runtime by - Prow itself - properties: - base_link: - description: BaseLink is a link to the commit identified by BaseSHA. - type: string - base_ref: - type: string - base_sha: - type: string - clone_depth: - description: - CloneDepth is the depth of the clone that will be - used. A depth of zero will do a full clone. - type: integer - clone_uri: - description: - CloneURI is the URI that is used to clone the repository. - If unset, will default to `https://github.com/org/repo.git`. - type: string - org: - description: Org is something like kubernetes or k8s.io - type: string - path_alias: - description: - PathAlias is the location under /src where - this repository is cloned. If this is not set, /src/github.com/org/repo - will be used as the default. - type: string - pulls: - items: - description: - Pull describes a pull request at a particular point - in time. - properties: - author: - type: string - author_link: - description: - AuthorLink links to the author of the pull - request. - type: string - commit_link: - description: - CommitLink links to the commit identified by - the SHA. - type: string - link: - description: Link links to the pull request itself. - type: string - number: - type: integer - ref: - description: - "Ref is git ref can be checked out for a change - for example, github: pull/123/head gerrit: refs/changes/00/123/1" - type: string - sha: - type: string - title: - type: string - required: - - author - - number - - sha - type: object - type: array - repo: - description: Repo is something like test-infra - type: string - repo_link: - description: RepoLink links to the source for Repo. - type: string - skip_fetch_head: - description: - SkipFetchHead tells prow to avoid a git fetch - call. Multiheaded repos may need to not make this call. The - git fetch call occurs regardless. - type: boolean - skip_submodules: - description: - SkipSubmodules determines if submodules should be - cloned when the job is run. Defaults to false. - type: boolean - workdir: - description: - WorkDir defines if the location of the cloned repository - will be used as the default working directory. - type: boolean - required: - - org - - repo - type: object - report: - description: - Report determines if the result of this job should be - reported (e.g. status on GitHub, message in Slack, etc.) - type: boolean - reporter_config: - description: ReporterConfig holds reporter-specific configuration - properties: - slack: - properties: - channel: - type: string - host: - type: string - job_states_to_report: - items: - description: ProwJobState specifies whether the job is running - type: string - type: array - report: - description: - "Report is derived from JobStatesToReport, it's - used for differentiating nil from empty slice, as yaml roundtrip - by design can't tell the difference when omitempty is supplied. - See https://github.com/kubernetes/test-infra/pull/24168 - for details Priority-wise, it goes by following order: - - `report: true/false`` in job config - `JobStatesToReport: - ` in job config - `report: - true/false`` in global config - `JobStatesToReport:` in - global config" - type: boolean - report_template: - type: string - type: object - type: object - rerun_auth_config: - description: - RerunAuthConfig holds information about which users can - rerun the job - properties: - allow_anyone: - description: - If AllowAnyone is set to true, any user can rerun - the job - type: boolean - github_orgs: - description: - GitHubOrgs contains names of GitHub organizations - whose members can rerun the job - items: - type: string - type: array - github_team_ids: - description: - 'GitHubTeams contains IDs of GitHub teams of users - who can rerun the job If you know the name of a team and the - org it belongs to, you can look up its ID using this command, - where the team slug is the hyphenated name: curl -H "Authorization: - token " "https://api.github.com/orgs//teams/" or, to list all teams in a given org, use curl -H "Authorization: - token " "https://api.github.com/orgs//teams"' - items: - type: integer - type: array - github_team_slugs: - description: - GitHubTeamSlugs contains slugs and orgs of teams - of users who can rerun the job - items: - properties: - org: - type: string - slug: - type: string - required: - - org - - slug - type: object - type: array - github_users: - description: - GitHubUsers contains names of individual users who - can rerun the job - items: - type: string - type: array - type: object - rerun_command: - description: - RerunCommand is the command a user would write to trigger - this job on their pull request - type: string - type: - description: Type is the type of job and informs how the jobs is triggered - enum: - - presubmit - - postsubmit - - periodic - - batch - type: string - type: object - status: - anyOf: - - not: - properties: - state: - enum: - - "success" - - "failure" - - "error" - - required: - - completionTime - description: - ProwJobStatus provides runtime metadata, such as when it - finished, whether it is running, etc. - properties: - build_id: - description: - BuildID is the build identifier vended either by tot - or the snowflake library for this job and used as an identifier - for grouping artifacts in GCS for views in TestGrid and Gubernator. - Idenitifiers vended by tot are monotonically increasing whereas - identifiers vended by the snowflake library are not. - type: string - completionTime: - description: - CompletionTime is the timestamp for when the job goes - to a final state - format: date-time - type: string - description: - type: string - jenkins_build_id: - description: - JenkinsBuildID applies only to ProwJobs fulfilled by - the jenkins-operator. This field is the build identifier that Jenkins - gave to the build for this ProwJob. - type: string - pendingTime: - description: - PendingTime is the timestamp for when the job moved from - triggered to pending - format: date-time - type: string - pod_name: - description: - PodName applies only to ProwJobs fulfilled by plank. - This field should always be the same as the ProwJob.ObjectMeta.Name - field. - type: string - prev_report_states: - additionalProperties: - description: ProwJobState specifies whether the job is running - type: string - description: - PrevReportStates stores the previous reported prowjob - state per reporter So crier won't make duplicated report attempt - type: object - startTime: - description: StartTime is equal to the creation time of the ProwJob - format: date-time - type: string - state: - description: ProwJobState specifies whether the job is running - enum: - - triggered - - pending - - success - - failure - - aborted - - error - type: string - url: - type: string - type: object - type: object - served: true - storage: true - subresources: {} diff --git a/charts/prow/charts/prow-crd/values.yaml b/charts/prow/charts/prow-crd/values.yaml deleted file mode 100644 index 556df42ea..000000000 --- a/charts/prow/charts/prow-crd/values.yaml +++ /dev/null @@ -1 +0,0 @@ -# nothing