|
-
- ---
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.4.1
- creationTimestamp: null
- name: objectsearchservices.sedna.io
- spec:
- group: sedna.io
- names:
- kind: ObjectSearchService
- listKind: ObjectSearchServiceList
- plural: objectsearchservices
- shortNames:
- - objs
- singular: objectsearchservice
- scope: Namespaced
- versions:
- - name: v1alpha1
- schema:
- openAPIV3Schema:
- description: ObjectSearchService describes the data that a objectsearchservice
- resource should have
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: ObjectSearchServiceSpec is a description of a objectsearchservice
- properties:
- reidWorkers:
- description: ReidWorkers describes the data reid workers should have
- properties:
- minReadySeconds:
- description: Minimum number of seconds for which a newly created
- pod should be ready without any of its container crashing, for
- it to be considered available. Defaults to 0 (pod will be considered
- available as soon as it is ready)
- format: int32
- type: integer
- paused:
- description: Indicates that the deployment is paused.
- type: boolean
- progressDeadlineSeconds:
- description: The maximum time in seconds for a deployment to make
- progress before it is considered to be failed. The deployment
- controller will continue to process failed deployments and a
- condition with a ProgressDeadlineExceeded reason will be surfaced
- in the deployment status. Note that progress will not be estimated
- during the time a deployment is paused. Defaults to 600s.
- format: int32
- type: integer
- replicas:
- description: Number of desired pods. This is a pointer to distinguish
- between explicit zero and not specified. Defaults to 1.
- format: int32
- type: integer
- revisionHistoryLimit:
- description: The number of old ReplicaSets to retain to allow
- rollback. This is a pointer to distinguish between explicit
- zero and not specified. Defaults to 10.
- format: int32
- type: integer
- selector:
- description: Label selector for pods. Existing ReplicaSets whose
- pods are selected by this will be the ones affected by this
- deployment. It must match the pod template's labels.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values. If
- the operator is In or NotIn, the values array must
- be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced
- during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs. A
- single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is "key",
- the operator is "In", and the values array contains only
- "value". The requirements are ANDed.
- type: object
- type: object
- strategy:
- description: The deployment strategy to use to replace existing
- pods with new ones.
- properties:
- rollingUpdate:
- description: 'Rolling update config params. Present only if
- DeploymentStrategyType = RollingUpdate. --- TODO: Update
- this to follow our convention for oneOf, whatever we decide
- it to be.'
- properties:
- maxSurge:
- anyOf:
- - type: integer
- - type: string
- description: 'The maximum number of pods that can be scheduled
- above the desired number of pods. Value can be an absolute
- number (ex: 5) or a percentage of desired pods (ex:
- 10%). This can not be 0 if MaxUnavailable is 0. Absolute
- number is calculated from percentage by rounding up.
- Defaults to 25%. Example: when this is set to 30%, the
- new ReplicaSet can be scaled up immediately when the
- rolling update starts, such that the total number of
- old and new pods do not exceed 130% of desired pods.
- Once old pods have been killed, new ReplicaSet can be
- scaled up further, ensuring that total number of pods
- running at any time during the update is at most 130%
- of desired pods.'
- x-kubernetes-int-or-string: true
- maxUnavailable:
- anyOf:
- - type: integer
- - type: string
- description: 'The maximum number of pods that can be unavailable
- during the update. Value can be an absolute number (ex:
- 5) or a percentage of desired pods (ex: 10%). Absolute
- number is calculated from percentage by rounding down.
- This can not be 0 if MaxSurge is 0. Defaults to 25%.
- Example: when this is set to 30%, the old ReplicaSet
- can be scaled down to 70% of desired pods immediately
- when the rolling update starts. Once new pods are ready,
- old ReplicaSet can be scaled down further, followed
- by scaling up the new ReplicaSet, ensuring that the
- total number of pods available at all times during the
- update is at least 70% of desired pods.'
- x-kubernetes-int-or-string: true
- type: object
- type:
- description: Type of deployment. Can be "Recreate" or "RollingUpdate".
- Default is RollingUpdate.
- type: string
- type: object
- template:
- description: Template describes the pods that will be created.
- properties:
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Specification of the desired behavior of the
- pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces. This field
- is alpha-level and is only honored
- when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- <topologyKey> matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces. This field
- is alpha-level and is only honored
- when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- <topologyKey> matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Exposing a port here gives the system additional
- information about the network connections a container
- uses, but is primarily informational. Not specifying
- a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default
- "0.0.0.0" address inside a container will be accessible
- from the network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run
- with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod''s lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: 'EnableServiceLinks indicates whether information
- about services should be injected into pod''s environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true.'
- type: boolean
- ephemeralContainers:
- description: List of ephemeral containers run in this
- pod. Ephemeral containers may be run in an existing
- pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod, and
- it cannot be modified by updating the pod spec. In order
- to add an ephemeral container to an existing pod, use
- the pod's ephemeralcontainers subresource. This field
- is alpha-level and is only honored by servers that enable
- the EphemeralContainers feature.
- items:
- description: An EphemeralContainer is a container that
- may be added temporarily to an existing pod for user-initiated
- activities such as debugging. Ephemeral containers
- have no resource or scheduling guarantees, and they
- will not be restarted when they exit or when a pod
- is removed or restarted. If an ephemeral container
- causes a pod to exceed its resource allocation, the
- pod may be evicted. Ephemeral containers may not be
- added by directly updating the pod spec. They must
- be added via the pod's ephemeralcontainers subresource,
- and they will appear in the pod spec once added. This
- is an alpha feature enabled by the EphemeralContainers
- feature flag.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Lifecycle is not allowed for ephemeral
- containers.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the ephemeral container specified
- as a DNS_LABEL. This name must be unique among
- all containers, init containers and ephemeral
- containers.
- type: string
- ports:
- description: Ports are not allowed for ephemeral
- containers.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: Resources are not allowed for ephemeral
- containers. Ephemeral containers use spare resources
- already allocated to the pod.
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: SecurityContext is not allowed for
- ephemeral containers.
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- targetContainerName:
- description: If set, the name of the container from
- PodSpec that this ephemeral container targets.
- The ephemeral container will be run in the namespaces
- (IPC, PID, etc) of this container. If not set
- then the ephemeral container is run in whatever
- namespaces are shared for the pod. Note that the
- container runtime must support this feature.
- type: string
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: 'Use the host''s ipc namespace. Optional:
- Default to false.'
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: 'Use the host''s pid namespace. Optional:
- Default to false.'
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod. If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. For example, in the case of docker,
- only DockerConfig type secrets are honored. More info:
- https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- type: object
- type: array
- initContainers:
- description: 'List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Exposing a port here gives the system additional
- information about the network connections a container
- uses, but is primarily informational. Not specifying
- a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default
- "0.0.0.0" address inside a container will be accessible
- from the network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run
- with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represents a POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represents a POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod''s lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: 'NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node''s labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
- This field is alpha-level as of Kubernetes v1.16, and
- is only honored by servers that enable the PodOverhead
- feature.'
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset. This field
- is beta-level, gated by the NonPreemptingPriority feature-gate.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True". More
- info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- restartPolicy:
- description: 'Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. Defaults to
- Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
- This is a beta feature as of Kubernetes v1.14.'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- securityContext:
- description: 'SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field.'
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID. If unspecified, no groups
- will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccount:
- description: 'DeprecatedServiceAccount is a deprecated
- alias for ServiceAccountName. Deprecated: Use serviceAccountName
- instead.'
- type: string
- serviceAccountName:
- description: 'ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: 'Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false.'
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
- domain>". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple <key,value,effect>
- using the matching operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- maxSkew:
- description: 'MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 1/1/0: | zone1 |
- zone2 | zone3 | | P | P | | - if
- MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It''s a required field. Default
- value is 1 and 0 is not allowed.'
- format: int32
- type: integer
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and
- try to put balanced number of pods into each bucket.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: 'List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in the
- blob storage
- type: string
- diskURI:
- description: The URI of the data disk in the blob
- storage
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume
- attached and mounted on kubelet''s host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeID:
- description: 'volume id used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: Driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: VolumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- ''..'' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary directory
- that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c)
- the storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time. \n This is a beta feature
- and only available when the GenericEphemeralVolume
- feature gate is enabled."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `<pod name>-<volume name>`
- where `<volume name>` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to be updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: 'AccessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'Resources represents the
- minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: A label query over volumes
- to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: VolumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: FC represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously.'
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'Optional: Extra command options
- if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
- Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
- on the host that shares a pod''s lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
- that is attached to a kubelet''s host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the
- host that shares a pod''s lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem
- type to mount Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: information about the configMap
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI
- data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported.'
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the ''..'' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported.'
- properties:
- containerName:
- description: 'Container
- name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required:
- resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours. Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to Default
- is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: User to map volume access to Defaults
- to serviceaccount user
- type: string
- volume:
- description: Volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO
- API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
- type: string
- system:
- description: The name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: Specify whether the Secret or its
- keys must be defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume
- vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- required:
- - containers
- type: object
- type: object
- required:
- - selector
- - template
- type: object
- trackingWorkers:
- items:
- description: TrackingWorker describes the data a tracking worker
- should have
- properties:
- template:
- description: PodTemplateSpec describes the data a pod should
- have when created from a template
- properties:
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Specification of the desired behavior of the
- pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before
- the system will actively try to mark it failed and
- kill associated containers. Value must be a positive
- integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose
- a node that violates one or more of the expressions.
- The node that is most preferred is the one
- with the greatest sum of weights, i.e. for
- each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if the
- node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: An empty preferred scheduling
- term matches all objects with implicit weight
- 0 (i.e. it's a no-op). A null preferred
- scheduling term matches no objects (i.e.
- is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by
- this field cease to be met at some point during
- pod execution (e.g. due to an update), the
- system may or may not try to eventually evict
- the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt,
- and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is
- In or NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty.
- If the operator is Gt or Lt,
- the values array must have
- a single element, which will
- be interpreted as an integer.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose
- a node that violates one or more of the expressions.
- The node that is most preferred is the one
- with the greatest sum of weights, i.e. for
- each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: A label query over a
- set of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term
- applies to. The term is applied
- to the union of the namespaces selected
- by this field and the ones listed
- in the namespaces field. null selector
- and null or empty namespaces list
- means "this pod's namespace". An
- empty selector ({}) matches all
- namespaces. This field is alpha-level
- and is only honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The term
- is applied to the union of the namespaces
- listed in this field and the ones
- selected by namespaceSelector. null
- or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by
- this field cease to be met at some point during
- pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is
- defined as running on a node whose value
- of the label with key <topologyKey> matches
- that of any node on which a pod of the set
- of pods is running
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this field
- and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most
- preferred is the one with the greatest sum
- of weights, i.e. for each node that meets
- all of the scheduling requirements (resource
- request, requiredDuringScheduling anti-affinity
- expressions, etc.), compute a sum by iterating
- through the elements of this field and adding
- "weight" to the sum if the node has pods which
- matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: A label query over a
- set of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term
- applies to. The term is applied
- to the union of the namespaces selected
- by this field and the ones listed
- in the namespaces field. null selector
- and null or empty namespaces list
- means "this pod's namespace". An
- empty selector ({}) matches all
- namespaces. This field is alpha-level
- and is only honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The term
- is applied to the union of the namespaces
- listed in this field and the ones
- selected by namespaceSelector. null
- or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to
- eventually evict the pod from its node. When
- there are multiple elements, the lists of
- nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
- items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not co-located
- (anti-affinity) with, where co-located is
- defined as running on a node whose value
- of the label with key <topologyKey> matches
- that of any node on which a pod of the set
- of pods is running
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this field
- and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's namespace".
- An empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values
- array must be non-empty. If
- the operator is Exists or
- DoesNotExist, the values array
- must be empty. This array
- is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's
- namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates
- whether a service account token should be automatically
- mounted.
- type: boolean
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be
- updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- docker image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be
- a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The reason for termination is passed to
- the handler. The Pod''s termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period. Other management of the container
- blocks until the hook completes or until
- the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the
- container. Exposing a port here gives the system
- additional information about the network connections
- a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which
- is listening on the default "0.0.0.0" address
- inside a container will be accessible from the
- network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should
- run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false.
- type: boolean
- procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is
- the name of the GMSA credential spec
- to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe
- parameters at the beginning of a Pod''s lifecycle,
- when it might take a long time to load data
- or warm a cache, than during steady-state operation.
- This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container processes
- that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name of
- a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of
- a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod.
- Parameters specified here will be merged to the generated
- DNS configuration based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers
- generated from DNSPolicy. Duplicated nameservers
- will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated
- from DNSPolicy. Duplicated entries will be removed.
- Resolution options given in Options will override
- those that appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to
- "ClusterFirst". Valid values are 'ClusterFirstWithHostNet',
- 'ClusterFirst', 'Default' or 'None'. DNS parameters
- given in DNSConfig will be merged with the policy
- selected with DNSPolicy. To have DNS options set along
- with hostNetwork, you have to specify DNS policy explicitly
- to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: 'EnableServiceLinks indicates whether information
- about services should be injected into pod''s environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true.'
- type: boolean
- ephemeralContainers:
- description: List of ephemeral containers run in this
- pod. Ephemeral containers may be run in an existing
- pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod,
- and it cannot be modified by updating the pod spec.
- In order to add an ephemeral container to an existing
- pod, use the pod's ephemeralcontainers subresource.
- This field is alpha-level and is only honored by servers
- that enable the EphemeralContainers feature.
- items:
- description: An EphemeralContainer is a container
- that may be added temporarily to an existing pod
- for user-initiated activities such as debugging.
- Ephemeral containers have no resource or scheduling
- guarantees, and they will not be restarted when
- they exit or when a pod is removed or restarted.
- If an ephemeral container causes a pod to exceed
- its resource allocation, the pod may be evicted.
- Ephemeral containers may not be added by directly
- updating the pod spec. They must be added via the
- pod's ephemeralcontainers subresource, and they
- will appear in the pod spec once added. This is
- an alpha feature enabled by the EphemeralContainers
- feature flag.
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- docker image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be
- a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Lifecycle is not allowed for ephemeral
- containers.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The reason for termination is passed to
- the handler. The Pod''s termination grace
- period countdown begins before the PreStop
- hooked is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period. Other management of the container
- blocks until the hook completes or until
- the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the ephemeral container specified
- as a DNS_LABEL. This name must be unique among
- all containers, init containers and ephemeral
- containers.
- type: string
- ports:
- description: Ports are not allowed for ephemeral
- containers.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: Resources are not allowed for ephemeral
- containers. Ephemeral containers use spare resources
- already allocated to the pod.
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: SecurityContext is not allowed for
- ephemeral containers.
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false.
- type: boolean
- procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is
- the name of the GMSA credential spec
- to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container process
- that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- targetContainerName:
- description: If set, the name of the container
- from PodSpec that this ephemeral container targets.
- The ephemeral container will be run in the namespaces
- (IPC, PID, etc) of this container. If not set
- then the ephemeral container is run in whatever
- namespaces are shared for the pod. Note that
- the container runtime must support this feature.
- type: string
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name of
- a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of
- a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts
- file if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry
- in the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: 'Use the host''s ipc namespace. Optional:
- Default to false.'
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod.
- Use the host's network namespace. If this option is
- set, the ports that will be used must be specified.
- Default to false.
- type: boolean
- hostPID:
- description: 'Use the host''s pid namespace. Optional:
- Default to false.'
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod. If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use
- for pulling any of the images used by this PodSpec.
- If specified, these secrets will be passed to individual
- puller implementations for them to use. For example,
- in the case of docker, only DockerConfig type secrets
- are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
- items:
- description: LocalObjectReference contains enough
- information to let you locate the referenced object
- inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- type: object
- type: array
- initContainers:
- description: 'List of initialization containers belonging
- to the pod. Init containers are executed in order
- prior to containers being started. If any init container
- fails, the pod is considered to have failed and is
- handled according to its restartPolicy. The name for
- an init container or normal container must be unique
- among all containers. Init containers may not have
- Lifecycle actions, Readiness probes, Liveness probes,
- or Startup probes. The resourceRequirements of an
- init container are taken into account during scheduling
- by finding the highest request/limit for each resource
- type, and then using the max of that value or the
- sum of the normal containers. Limits are applied to
- init containers in a similar fashion. Init containers
- cannot currently be added or removed. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- docker image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. The $(VAR_NAME) syntax
- can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- The $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if value
- is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event when
- the container is starting. When a key exists
- in multiple sources, the value associated with
- the last source will take precedence. Values
- defined by an Env with a duplicate key will
- take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be
- a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is
- not called if the container crashes or exits.
- The reason for termination is passed to
- the handler. The Pod''s termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period. Other management of the container
- blocks until the hook completes or until
- the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies
- the action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it
- is not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not
- yet supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the pod
- IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1 to
- 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the
- container. Exposing a port here gives the system
- additional information about the network connections
- a container uses, but is primarily informational.
- Not specifying a port here DOES NOT prevent
- that port from being exposed. Any port which
- is listening on the default "0.0.0.0" address
- inside a container will be accessible from the
- network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on
- the pod's IP address. This must be a valid
- port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on
- the host. If specified, this must be a
- valid port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If
- Requests is omitted for a container, it
- defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should
- run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1)
- run as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by the
- container runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults
- to false.
- type: boolean
- procMount:
- description: procMount denotes the type of
- proc mount to use for the containers. The
- default is DefaultProcMount which uses the
- container runtime defaults for readonly
- paths and masked paths. This requires the
- ProcMountType feature flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a
- read-only root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true, the
- Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0
- (root) and fail to start the container if
- it does. If unset or false, no such validation
- will be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to user
- specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in
- PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by
- this container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be
- preconfigured on the node to work. Must
- be a descending path, relative to the
- kubelet's configured seccomp profile
- location. Must only be set if type is
- "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost - a
- profile defined in a file on the node
- should be used. RuntimeDefault - the
- container runtime default profile should
- be used. Unconfined - no profile should
- be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is
- the name of the GMSA credential spec
- to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe
- parameters at the beginning of a Pod''s lifecycle,
- when it might take a long time to load data
- or warm a cache, than during steady-state operation.
- This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed after
- having succeeded. Defaults to 3. Minimum
- value is 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness probes
- are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic TCP
- lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully upon
- probe failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly
- halted with a kill signal. Set this value
- longer than the expected cleanup time for
- your process. If this value is nil, the
- pod's terminationGracePeriodSeconds will
- be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is an alpha field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until
- the first client attaches to stdin, and then
- remains open and accepts data until the client
- disconnects, at which time stdin is closed and
- remains closed until the container is restarted.
- If this flag is false, a container process
- that reads from stdin will never receive an
- EOF. Default is false.
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to be
- brief final status, such as an assertion failure
- message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across
- all containers will be limited to 12kb. Defaults
- to /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure.
- FallbackToLogsOnError will use the last chunk
- of container log output if the termination message
- file is empty and the container exited with
- an error. The log output is limited to 2048
- bytes or 80 lines, whichever is smaller. Defaults
- to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name of
- a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of
- a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should be
- mounted. Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If
- not specified, the container runtime's default
- will be used, which might be configured in the
- container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this
- pod onto a specific node. If it is non-empty, the
- scheduler simply schedules this pod onto that node,
- assuming that it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: 'NodeSelector is a selector which must
- be true for the pod to fit on a node. Selector which
- must match a node''s labels for the pod to be scheduled
- on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time
- by the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not
- be set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set
- to the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
- This field is alpha-level as of Kubernetes v1.16,
- and is only honored by servers that enable the PodOverhead
- feature.'
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset. This field
- is beta-level, gated by the NonPreemptingPriority
- feature-gate.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will
- be evaluated for pod readiness. A pod is ready when
- all its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True"
- More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- restartPolicy:
- description: 'Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. Defaults
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset
- or empty, the "legacy" RuntimeClass will be used,
- which is an implicit class with an empty definition
- that uses the default runtime handler. More info:
- https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
- This is a beta feature as of Kubernetes v1.14.'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod
- will be dispatched by default scheduler.
- type: string
- securityContext:
- description: 'SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field.'
- properties:
- fsGroup:
- description: "A special supplemental group that
- applies to all containers in a pod. Some volume
- types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1. The
- owning GID will be the FSGroup 2. The setgid bit
- is set (new files created in the volume will be
- owned by FSGroup) 3. The permission bits are OR'd
- with rw-rw---- \n If unset, the Kubelet will not
- modify the ownership and permissions of any volume."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership (and permissions). It will have
- no effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in
- both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence
- for that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will
- validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start
- the container if it does. If unset or false, no
- such validation will be performed. May also be
- set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in
- SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in
- SecurityContext takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file
- on the node should be used. RuntimeDefault
- - the container runtime default profile should
- be used. Unconfined - no profile should be
- applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to
- the container's primary GID. If unspecified,
- no groups will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- items:
- description: Sysctl defines a kernel parameter
- to be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- within a container's SecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process. Defaults
- to the user specified in image metadata if
- unspecified. May also be set in PodSecurityContext.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccount:
- description: 'DeprecatedServiceAccount is a deprecated
- alias for ServiceAccountName. Deprecated: Use serviceAccountName
- instead.'
- type: string
- serviceAccountName:
- description: 'ServiceAccountName is the name of the
- ServiceAccount to use to run this pod. More info:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the
- default). In Linux containers, this means setting
- the FQDN in the hostname field of the kernel (the
- nodename field of struct utsname). In Windows containers,
- this means setting the registry value of hostname
- for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no
- effect. Default to false.
- type: boolean
- shareProcessNamespace:
- description: 'Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process
- in each container will not be assigned PID 1. HostPID
- and ShareProcessNamespace cannot both be set. Optional:
- Default to false.'
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
- domain>". If not specified, the pod will not have
- a domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The
- grace period is the duration in seconds after the
- processes running in the pod are sent a termination
- signal and the time when the processes are forcibly
- halted with a kill signal. Set this value longer than
- the expected cleanup time for your process. Defaults
- to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple <key,value,effect>
- using the matching operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect
- to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule,
- PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and
- Equal. Defaults to Equal. Exists is equivalent
- to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the
- period of time the toleration (which must be
- of effect NoExecute, otherwise this field is
- ignored) tolerates the taint. By default, it
- is not set, which means tolerate the taint forever
- (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how
- a group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides
- by the constraints. All topologySpreadConstraints
- are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of
- label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a
- key, and an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only
- "value". The requirements are ANDed.
- type: object
- type: object
- maxSkew:
- description: 'MaxSkew describes the degree to
- which pods may be unevenly distributed. When
- `whenUnsatisfiable=DoNotSchedule`, it is the
- maximum permitted difference between the number
- of matching pods in the target topology and
- the global minimum. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with
- the same labelSelector spread as 1/1/0: | zone1
- | zone2 | zone3 | | P | P | |
- - if MaxSkew is 1, incoming pod can only be
- scheduled to zone3 to become 1/1/1; scheduling
- it onto zone1(zone2) would make the ActualSkew(2-0)
- on zone1(zone2) violate MaxSkew(1). - if MaxSkew
- is 2, incoming pod can be scheduled onto any
- zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It''s a required field. Default
- value is 1 and 0 is not allowed.'
- format: int32
- type: integer
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each <key, value> as a "bucket",
- and try to put a balanced number of pods into
- each bucket. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how
- to deal with a pod if it doesn''t satisfy the
- spread constraint. - DoNotSchedule (default)
- tells the scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to
- topologies that would help reduce the skew.
- A constraint is considered "Unsatisfiable" for
- an incoming pod if and only if every possible
- node assignment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster,
- MaxSkew is set to 1, and pods with the same
- labelSelector spread as 3/1/1: | zone1 | zone2
- | zone3 | | P P P | P | P | If WhenUnsatisfiable
- is set to DoNotSchedule, incoming pod can only
- be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
- as ActualSkew(2-1) on zone2(zone3) satisfies
- MaxSkew(1). In other words, the cluster can
- still be imbalanced, but scheduler won''t make
- it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: 'List of volumes that can be mounted by
- containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
- items:
- description: Volume represents a named volume in a
- pod that may be accessed by any container in the
- pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents
- an AWS Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that
- the filesystem type is supported by the
- host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume
- that you want to mount. If omitted, the
- default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition
- for /dev/sda is "0" (or you can leave the
- property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and
- set the ReadOnly property in VolumeMounts
- to "true". If omitted, the default is "false".
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data
- Disk mount on the host and bind mount to the
- pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in
- the blob storage
- type: string
- diskURI:
- description: The URI of the data disk in the
- blob storage
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed
- availability set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File
- Service mount on the host and bind mount to
- the pod.
- properties:
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount
- on the host that shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false
- (read/write). ReadOnly here will force the
- ReadOnly setting in VolumeMounts. More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the
- path to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'Optional: User is the rados
- user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume
- attached and mounted on kubelet''s host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false
- (read/write). ReadOnly here will force the
- ReadOnly setting in VolumeMounts. More info:
- https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret
- object containing parameters used to connect
- to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeID:
- description: 'volume id used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap
- that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to
- set permissions on created files by default.
- Must be an octal value between 0000 and
- 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values,
- JSON requires decimal values for mode bits.
- Defaults to 0644. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the ConfigMap, the volume setup will
- error unless it is marked optional. Paths
- must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be
- an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface)
- represents ephemeral storage that is handled
- by certain external CSI drivers (Beta feature).
- properties:
- driver:
- description: Driver is the name of the CSI
- driver that handles this volume. Consult
- with your admin for the correct name as
- registered in the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex.
- "ext4", "xfs", "ntfs". If not provided,
- the empty value is passed to the associated
- CSI driver which will determine the default
- filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to
- complete the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may
- be empty if no secret is required. If the
- secret object contains more than one secret,
- all secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: VolumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for
- supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default.
- Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the
- relative path name of the file to
- be created. Must not be absolute or
- contain the ''..'' path. Must be utf-8
- encoded. The first item of the relative
- path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env
- vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary
- directory that shares a pod''s lifetime. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium
- should back this directory. The default
- is "" which means to use the node''s default
- medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default
- is nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver. The
- volume's lifecycle is tied to the pod that defines
- it - it will be created before the pod starts,
- and deleted when the pod is removed. \n Use
- this if: a) the volume is only needed while
- the pod runs, b) features of normal volumes
- like restoring from snapshot or capacity tracking
- are needed, c) the storage driver is specified
- through a storage class, and d) the storage
- driver supports dynamic volume provisioning
- through a PersistentVolumeClaim (see EphemeralVolumeSource
- for more information on the connection between
- this volume type and PersistentVolumeClaim).
- \n Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than
- the lifecycle of an individual pod. \n Use CSI
- for light-weight local ephemeral volumes if
- the CSI driver is meant to be used that way
- - see the documentation of the driver for more
- information. \n A pod can use both types of
- ephemeral volumes and persistent volumes at
- the same time. \n This is a beta feature and
- only available when the GenericEphemeralVolume
- feature gate is enabled."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in
- which this EphemeralVolumeSource is embedded
- will be the owner of the PVC, i.e. the PVC
- will be deleted together with the pod. The
- name of the PVC will be `<pod name>-<volume
- name>` where `<volume name>` is the name
- from the `PodSpec.Volumes` array entry.
- Pod validation will reject the pod if the
- concatenated name is not valid for a PVC
- (for example, too long). \n An existing
- PVC with that name that is not owned by
- the pod will *not* be used for the pod to
- avoid using an unrelated volume by mistake.
- Starting the pod is then blocked until the
- unrelated PVC is removed. If such a pre-created
- PVC is meant to be used by the pod, the
- PVC has to be updated with an owner reference
- to the pod once the pod exists. Normally
- this should not be necessary, but it may
- be useful when manually reconstructing a
- broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n
- Required, must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the
- PersistentVolumeClaim. The entire content
- is copied unchanged into the PVC that
- gets created from this template. The
- same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: 'AccessModes contains
- the desired access modes the volume
- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: 'This field can be used
- to specify either: * An existing
- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource
- types that implement data population,
- the AnyVolumeDataSource feature
- gate must be enabled. If the provisioner
- or an external controller can support
- the specified data source, it will
- create a new volume based on the
- contents of the specified data source.'
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any
- other third-party types, APIGroup
- is required.
- type: string
- kind:
- description: Kind is the type
- of resource being referenced
- type: string
- name:
- description: Name is the name
- of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'Resources represents
- the minimum resources the volume
- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes
- the maximum amount of compute
- resources allowed. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container,
- it defaults to Limits if that
- is explicitly specified, otherwise
- to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: A label query over volumes
- to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a key,
- and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid
- operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In
- or NotIn, the values array
- must be non-empty. If
- the operator is Exists
- or DoesNotExist, the values
- array must be empty. This
- array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a
- map of {key,value} pairs. A
- single {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator
- is "In", and the values array
- contains only "value". The requirements
- are ANDed.
- type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: VolumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: FC represents a Fibre Channel resource
- that is attached to a kubelet's host machine
- and then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false
- (read/write). ReadOnly here will force the
- ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously.'
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume
- resource that is provisioned/attached using
- an exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'Optional: Extra command options
- if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false
- (read/write). ReadOnly here will force the
- ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is
- specified. If the secret object contains
- more than one secret, all secrets are passed
- to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: Name of the dataset stored as
- metadata -> name on the dataset for Flocker
- should be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is
- unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
- Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that
- the filesystem type is supported by the
- host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume
- that you want to mount. If omitted, the
- default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition
- for /dev/sda is "0" (or you can leave the
- property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with
- a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with
- the given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified
- revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume
- path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the
- Glusterfs volume to be mounted with read-only
- permissions. Defaults to false. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the
- host. If the path is a symlink, it will
- follow the link to the real path. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
- that is attached to a kubelet''s host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session
- CHAP authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that
- the filesystem type is supported by the
- host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name.
- If initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The
- portal is either an IP or ip_addr:port if
- the port is other than default (typically
- TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: ReadOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target
- and initiator authentication
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the
- host that shares a pod''s lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the
- NFS export to be mounted with read-only
- permissions. Defaults to false. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP
- address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a
- PhotonController persistent disk attached and
- mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx
- volume attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: FSType represents the filesystem
- type to mount Must be a filesystem type
- supported by the host operating system.
- Ex. "ext4", "xfs". Implicitly inferred to
- be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies
- a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both
- octal and decimal values, JSON requires
- decimal values for mode bits. Directories
- within the path are not affected by this
- setting. This might be in conflict with
- other options that affect the file mode,
- like fsGroup, and the result can be other
- mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: information about the configMap
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and
- unlisted keys will not be present.
- If a key is specified which is
- not present in the ConfigMap,
- the volume setup will error unless
- it is marked optional. Paths must
- be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key
- to a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative
- path of the file to map
- the key to. May not be an
- absolute path. May not contain
- the path element '..'. May
- not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its keys must be
- defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI
- data to project
- properties:
- items:
- description: Items is a list of
- DownwardAPIVolume file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod
- field
- properties:
- fieldRef:
- description: 'Required: Selects
- a field of the pod: only
- annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file, must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or
- contain the ''..'' path.
- Must be utf-8 encoded. The
- first item of the relative
- path must not start with
- ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are
- currently supported.'
- properties:
- containerName:
- description: 'Container
- name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies
- the output format of
- the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required:
- resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and
- unlisted keys will not be present.
- If a key is specified which is
- not present in the Secret, the
- volume setup will error unless
- it is marked optional. Paths must
- be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key
- to a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an
- octal value between 0000
- and 0777 or a decimal value
- between 0 and 511. YAML
- accepts both octal and decimal
- values, JSON requires decimal
- values for mode bits. If
- not specified, the volume
- defaultMode will be used.
- This might be in conflict
- with other options that
- affect the file mode, like
- fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative
- path of the file to map
- the key to. May not be an
- absolute path. May not contain
- the path element '..'. May
- not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and
- otherwise should reject the token.
- The audience defaults to the identifier
- of the apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is
- the requested duration of validity
- of the service account token.
- As the token approaches expiration,
- the kubelet volume plugin will
- proactively rotate the service
- account token. The kubelet will
- start trying to rotate the token
- if the token is older than 80
- percent of its time to live or
- if the token is older than 24
- hours. Defaults to 1 hour and must
- be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative
- to the mount point of the file
- to project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to
- Default is no group
- type: string
- readOnly:
- description: ReadOnly here will force the
- Quobyte volume to be mounted with read-only
- permissions. Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single
- or multiple Quobyte Registry services specified
- as a string as host:port pair (multiple
- entries are separated with commas) which
- acts as the central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: User to map volume access to
- Defaults to serviceaccount user
- type: string
- volume:
- description: Volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that
- the filesystem type is supported by the
- host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be
- "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'The rados pool name. Default
- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default
- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO
- API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation
- will fail.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage
- for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
- type: string
- system:
- description: The name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already
- created in the ScaleIO system that is associated
- with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that
- should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits used to
- set permissions on created files by default.
- Must be an octal value between 0000 and
- 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values,
- JSON requires decimal values for mode bits.
- Defaults to 0644. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the Secret, the volume setup will error
- unless it is marked optional. Paths must
- be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be
- an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: Specify whether the Secret or
- its keys must be defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the
- scope of the volume within StorageOS. If
- no namespace is specified then the Pod's
- namespace will be used. This allows the
- Kubernetes name scoping to be mirrored within
- StorageOS for tighter integration. Set VolumeName
- to any name to override the default behaviour.
- Set to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not
- pre-exist within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere
- volume attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
- type: string
- volumePath:
- description: Path that identifies vSphere
- volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- required:
- - containers
- type: object
- type: object
- required:
- - template
- type: object
- type: array
- userWorker:
- description: UserWorker describes the data a user worker should have
- properties:
- template:
- description: PodTemplateSpec describes the data a pod should have
- when created from a template
- properties:
- metadata:
- description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Specification of the desired behavior of the
- pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist, Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- type: array
- required:
- - nodeSelectorTerms
- type: object
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces. This field
- is alpha-level and is only honored
- when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- <topologyKey> matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces. This field
- is alpha-level and is only honored
- when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- <topologyKey> matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- This field is alpha-level and is only
- honored when PodAffinityNamespaceSelector
- feature is enabled.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace"
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Exposing a port here gives the system additional
- information about the network connections a container
- uses, but is primarily informational. Not specifying
- a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default
- "0.0.0.0" address inside a container will be accessible
- from the network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run
- with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represents POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod''s lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: 'EnableServiceLinks indicates whether information
- about services should be injected into pod''s environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true.'
- type: boolean
- ephemeralContainers:
- description: List of ephemeral containers run in this
- pod. Ephemeral containers may be run in an existing
- pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod, and
- it cannot be modified by updating the pod spec. In order
- to add an ephemeral container to an existing pod, use
- the pod's ephemeralcontainers subresource. This field
- is alpha-level and is only honored by servers that enable
- the EphemeralContainers feature.
- items:
- description: An EphemeralContainer is a container that
- may be added temporarily to an existing pod for user-initiated
- activities such as debugging. Ephemeral containers
- have no resource or scheduling guarantees, and they
- will not be restarted when they exit or when a pod
- is removed or restarted. If an ephemeral container
- causes a pod to exceed its resource allocation, the
- pod may be evicted. Ephemeral containers may not be
- added by directly updating the pod spec. They must
- be added via the pod's ephemeralcontainers subresource,
- and they will appear in the pod spec once added. This
- is an alpha feature enabled by the EphemeralContainers
- feature flag.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Lifecycle is not allowed for ephemeral
- containers.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the ephemeral container specified
- as a DNS_LABEL. This name must be unique among
- all containers, init containers and ephemeral
- containers.
- type: string
- ports:
- description: Ports are not allowed for ephemeral
- containers.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- readinessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Defaults to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: Resources are not allowed for ephemeral
- containers. Ephemeral containers use spare resources
- already allocated to the pod.
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: SecurityContext is not allowed for
- ephemeral containers.
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- targetContainerName:
- description: If set, the name of the container from
- PodSpec that this ephemeral container targets.
- The ephemeral container will be run in the namespaces
- (IPC, PID, etc) of this container. If not set
- then the ephemeral container is run in whatever
- namespaces are shared for the pod. Note that the
- container runtime must support this feature.
- type: string
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: 'Use the host''s ipc namespace. Optional:
- Default to false.'
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: 'Use the host''s pid namespace. Optional:
- Default to false.'
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod. If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: 'ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. For example, in the case of docker,
- only DockerConfig type secrets are honored. More info:
- https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?'
- type: string
- type: object
- type: array
- initContainers:
- description: 'List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The docker
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. The $(VAR_NAME) syntax can
- be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The docker image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. The $(VAR_NAME)
- syntax can be escaped with a double $$, ie: $$(VAR_NAME).
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previous defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. The
- $(VAR_NAME) syntax can be escaped with a
- double $$, ie: $$(VAR_NAME). Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- fieldRef:
- description: 'Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- type: object
- type: array
- image:
- description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The reason for termination
- is passed to the handler. The Pod''s termination
- grace period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination grace
- period. Other management of the container
- blocks until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the
- action to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet
- supported TODO: implement a realistic
- TCP lifecycle hook'
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Exposing a port here gives the system additional
- information about the network connections a container
- uses, but is primarily informational. Not specifying
- a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default
- "0.0.0.0" address inside a container will be accessible
- from the network. Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Security options the pod should run
- with. More info: https://kubernetes.io/docs/concepts/policy/security-context/
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN'
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod''s lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: One and only one of the following
- should be specified. Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: 'TCPSocket specifies an action
- involving a TCP port. TCP hooks not yet supported
- TODO: implement a realistic TCP lifecycle
- hook'
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is an
- alpha field and requires enabling ProbeTerminationGracePeriod
- feature gate.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container process that reads from
- stdin will never receive an EOF. Default is false.
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file to
- which the container''s termination message will
- be written is mounted into the container''s filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: 'NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node''s labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
- This field is alpha-level as of Kubernetes v1.16, and
- is only honored by servers that enable the PodOverhead
- feature.'
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset. This field
- is beta-level, gated by the NonPreemptingPriority feature-gate.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- restartPolicy:
- description: 'Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. Default to
- Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
- This is a beta feature as of Kubernetes v1.14.'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- securityContext:
- description: 'SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field.'
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID. If unspecified, no groups
- will be added to any container.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccount:
- description: 'DeprecatedServiceAccount is a deprecated
- alias for ServiceAccountName. Deprecated: Use serviceAccountName
- instead.'
- type: string
- serviceAccountName:
- description: 'ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: 'Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false.'
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
- domain>". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple <key,value,effect>
- using the matching operator <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- maxSkew:
- description: 'MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 1/1/0: | zone1 |
- zone2 | zone3 | | P | P | | - if
- MaxSkew is 1, incoming pod can only be scheduled
- to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
- would make the ActualSkew(2-0) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It''s a required field. Default
- value is 1 and 0 is not allowed.'
- format: int32
- type: integer
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each <key, value> as a "bucket", and
- try to put balanced number of pods into each bucket.
- It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: 'List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: 'AWSElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: 'Specify "true" to force and set
- the ReadOnly property in VolumeMounts to "true".
- If omitted, the default is "false". More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'Unique ID of the persistent disk
- resource in AWS (Amazon EBS volume). More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: AzureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'Host Caching mode: None, Read
- Only, Read Write.'
- type: string
- diskName:
- description: The Name of the data disk in the
- blob storage
- type: string
- diskURI:
- description: The URI of the data disk in the blob
- storage
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'Expected values Shared: multiple
- blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared'
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: AzureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: the name of secret that contains
- Azure Storage Account Name and Key
- type: string
- shareName:
- description: Share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: CephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: 'Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'Optional: SecretFile is the path
- to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'Optional: SecretRef is reference
- to the authentication secret for User, default
- is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'Optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'Cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'Optional: points to a secret object
- containing parameters used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeID:
- description: 'volume id used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: ConfigMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its keys must be defined
- type: boolean
- type: object
- csi:
- description: CSI (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: Driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: Filesystem type to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI driver
- which will determine the default filesystem
- to apply.
- type: string
- nodePublishSecretRef:
- description: NodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- readOnly:
- description: Specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: VolumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: DownwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default.
- Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- ''..'' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported.'
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to
- select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'EmptyDir represents a temporary directory
- that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'What type of storage medium should
- back this directory. The default is "" which
- means to use the node''s default medium. Must
- be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: 'Total amount of local storage
- required for this EmptyDir volume. The size
- limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir
- would be the minimum value between the SizeLimit
- specified here and the sum of memory limits
- of all containers in a pod. The default is
- nil which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "Ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c)
- the storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time. \n This is a beta feature
- and only available when the GenericEphemeralVolume
- feature gate is enabled."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `<pod name>-<volume name>`
- where `<volume name>` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to be updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: 'AccessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: 'This field can be used
- to specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- * An existing custom resource that
- implements data population (Alpha)
- In order to use custom resource types
- that implement data population, the
- AnyVolumeDataSource feature gate must
- be enabled. If the provisioner or
- an external controller can support
- the specified data source, it will
- create a new volume based on the contents
- of the specified data source.'
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: 'Resources represents the
- minimum resources the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: A label query over volumes
- to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- storageClassName:
- description: 'Name of the StorageClass
- required by the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: VolumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: FC represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- lun:
- description: 'Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'Optional: FC target worldwide
- names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: 'Optional: FC volume world wide
- identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously.'
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: FlexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: Driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- The default filesystem depends on FlexVolume
- script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'Optional: Extra command options
- if any.'
- type: object
- readOnly:
- description: 'Optional: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'Optional: SecretRef is reference
- to the secret object containing sensitive
- information to pass to the plugin scripts.
- This may be empty if no secret object is specified.
- If the secret object contains more than one
- secret, all secrets are passed to the plugin
- scripts.'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- required:
- - driver
- type: object
- flocker:
- description: Flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service running
- properties:
- datasetName:
- description: Name of the dataset stored as metadata
- -> name on the dataset for Flocker should
- be considered as deprecated
- type: string
- datasetUUID:
- description: UUID of the dataset. This is unique
- identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'GCEPersistentDisk represents a GCE
- Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'The partition in the volume that
- you want to mount. If omitted, the default
- is to mount by volume name. Examples: For
- volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'Unique name of the PD resource
- in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'GitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod''s container.'
- properties:
- directory:
- description: Target directory name. Must not
- contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the
- git repository in the subdirectory with the
- given name.
- type: string
- repository:
- description: Repository URL
- type: string
- revision:
- description: Commit hash for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'Glusterfs represents a Glusterfs mount
- on the host that shares a pod''s lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'EndpointsName is the endpoint
- name that details Glusterfs topology. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'Path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'ReadOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'HostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write.'
- properties:
- path:
- description: 'Path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'Type for HostPath Volume. Defaults
- to "". More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'ISCSI represents an ISCSI Disk resource
- that is attached to a kubelet''s host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: whether support iSCSI Discovery
- CHAP authentication
- type: boolean
- chapAuthSession:
- description: whether support iSCSI Session CHAP
- authentication
- type: boolean
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: Custom iSCSI Initiator Name. If
- initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface <target
- portal>:<volume name> will be created for
- the connection.
- type: string
- iqn:
- description: Target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iSCSI Interface Name that uses
- an iSCSI transport. Defaults to 'default'
- (tcp).
- type: string
- lun:
- description: iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: iSCSI Target Portal List. The portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: CHAP Secret for iSCSI target and
- initiator authentication
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- targetPortal:
- description: iSCSI Target Portal. The Portal
- is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports
- 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'Volume''s name. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'NFS represents an NFS mount on the
- host that shares a pod''s lifetime. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'Path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'ReadOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'Server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'PersistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'ClaimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: Will force the ReadOnly setting
- in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: PhotonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: PortworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: FSType represents the filesystem
- type to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: VolumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: Items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: Mode bits used to set permissions
- on created files by default. Must be an octal
- value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Directories within the
- path are not affected by this setting. This
- might be in conflict with other options that
- affect the file mode, like fsGroup, and the
- result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: information about the configMap
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced ConfigMap will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- downwardAPI:
- description: information about the downwardAPI
- data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: 'Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported.'
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the ''..'' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported.'
- properties:
- containerName:
- description: 'Container
- name: required for volumes,
- optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required:
- resource to select'
- type: string
- required:
- - resource
- type: object
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: information about the secret
- data to project
- properties:
- items:
- description: If unspecified, each
- key-value pair in the Data field
- of the referenced Secret will be
- projected into the volume as a file
- whose name is the key and content
- is the value. If specified, the
- listed keys will be projected into
- the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode
- bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set.'
- format: int32
- type: integer
- path:
- description: The relative path
- of the file to map the key
- to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- type: object
- serviceAccountToken:
- description: information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: Audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: ExpirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours. Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: Path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: Quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: Group to map volume access to. Default
- is no group
- type: string
- readOnly:
- description: ReadOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: Registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: Tenant owning the given Quobyte
- volume in the Backend. Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: User to map volume access to. Defaults
- to serviceaccount user
- type: string
- volume:
- description: Volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'RBD represents a Rados Block Device
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'Filesystem type of the volume
- that you want to mount. Tip: Ensure that the
- filesystem type is supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: 'The rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'Keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'A collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'The rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'ReadOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'SecretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- user:
- description: 'The rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: ScaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
- type: string
- gateway:
- description: The host address of the ScaleIO
- API Gateway.
- type: string
- protectionDomain:
- description: The name of the ScaleIO Protection
- Domain for the configured storage.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- sslEnabled:
- description: Flag to enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: Indicates whether the storage for
- a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: The ScaleIO Storage Pool associated
- with the protection domain.
- type: string
- system:
- description: The name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: The name of a volume already created
- in the ScaleIO system that is associated with
- this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'Secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'Optional: mode bits used to set
- permissions on created files by default. Must
- be an octal value between 0000 and 0777 or
- a decimal value between 0 and 511. YAML accepts
- both octal and decimal values, JSON requires
- decimal values for mode bits. Defaults to
- 0644. Directories within the path are not
- affected by this setting. This might be in
- conflict with other options that affect the
- file mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: The key to project.
- type: string
- mode:
- description: 'Optional: mode bits used
- to set permissions on this file. Must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- path:
- description: The relative path of the
- file to map the key to. May not be an
- absolute path. May not contain the path
- element '..'. May not start with the
- string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: Specify whether the Secret or its
- keys must be defined
- type: boolean
- secretName:
- description: 'Name of the secret in the pod''s
- namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: StorageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: SecretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- volumeName:
- description: VolumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: VolumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: VsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: Filesystem type to mount. Must
- be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs", "ntfs".
- Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: Storage Policy Based Management
- (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: Storage Policy Based Management
- (SPBM) profile name.
- type: string
- volumePath:
- description: Path that identifies vSphere volume
- vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- required:
- - containers
- type: object
- type: object
- required:
- - template
- type: object
- required:
- - reidWorkers
- - trackingWorkers
- - userWorker
- type: object
- status:
- description: ObjectSearchServiceStatus represents the current state of
- a object search service.
- properties:
- active:
- description: The number of actively running workers.
- format: int32
- type: integer
- conditions:
- description: The latest available observations of a object search
- service's current state.
- items:
- description: ObjectSearchServiceCondition describes current state
- of a service. see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
- for details.
- properties:
- lastHeartbeatTime:
- description: last time we got an update on a given condition
- format: date-time
- type: string
- lastTransitionTime:
- description: Last time the condition transitioned from one status
- to another.
- format: date-time
- type: string
- message:
- description: Human readable message indicating details about
- last transition.
- type: string
- reason:
- description: (brief) reason for the condition's last transition,
- one-word CamelCase reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type of service condition, Complete or Failed.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- failed:
- description: The number of workers which reached Failed.
- format: int32
- type: integer
- startTime:
- description: Represents time when the service was acknowledged by
- the service controller. It is not guaranteed to be set in happens-before
- order across separate operations. It is represented in RFC3339 form
- and is in UTC.
- format: date-time
- type: string
- type: object
- required:
- - metadata
- - spec
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
|