|
|
@@ -0,0 +1,13760 @@
|
|
|
+---
|
|
|
+apiVersion: apiextensions.k8s.io/v1
|
|
|
+kind: CustomResourceDefinition
|
|
|
+metadata:
|
|
|
+ annotations:
|
|
|
+ controller-gen.kubebuilder.io/version: v0.9.2
|
|
|
+ creationTimestamp: null
|
|
|
+ name: bluegreens.app.demo.kakao.com
|
|
|
+spec:
|
|
|
+ group: app.demo.kakao.com
|
|
|
+ names:
|
|
|
+ kind: BlueGreen
|
|
|
+ listKind: BlueGreenList
|
|
|
+ plural: bluegreens
|
|
|
+ singular: bluegreen
|
|
|
+ scope: Namespaced
|
|
|
+ versions:
|
|
|
+ - name: v1
|
|
|
+ schema:
|
|
|
+ openAPIV3Schema:
|
|
|
+ description: BlueGreen is the Schema for the bluegreens API
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: 'APIVersion defines the versioned schema of this representation
|
|
|
+ of an object. Servers should convert recognized schemas to the latest
|
|
|
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: 'Kind is a string value representing the REST resource this
|
|
|
+ object represents. Servers may infer this from the endpoint the client
|
|
|
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
|
+ type: string
|
|
|
+ metadata:
|
|
|
+ type: object
|
|
|
+ spec:
|
|
|
+ description: BlueGreenSpec defines the desired state of BlueGreen
|
|
|
+ properties:
|
|
|
+ blueSpec:
|
|
|
+ description: Pod Spec for a Blue Service
|
|
|
+ properties:
|
|
|
+ activeDeadlineSeconds:
|
|
|
+ description: Optional duration in seconds the pod may be active
|
|
|
+ on the node relative to StartTime before the system will actively
|
|
|
+ try to mark it failed and kill associated containers. Value
|
|
|
+ must be a positive integer.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ affinity:
|
|
|
+ description: If specified, the pod's scheduling constraints
|
|
|
+ properties:
|
|
|
+ nodeAffinity:
|
|
|
+ description: Describes node affinity scheduling rules for
|
|
|
+ the pod.
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the affinity expressions specified
|
|
|
+ by this field, but it may choose a node that violates
|
|
|
+ one or more of the expressions. The node that is most
|
|
|
+ preferred is the one with the greatest sum of weights,
|
|
|
+ i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node matches the corresponding matchExpressions;
|
|
|
+ the node(s) with the highest sum are the most preferred.
|
|
|
+ items:
|
|
|
+ description: An empty preferred scheduling term matches
|
|
|
+ all objects with implicit weight 0 (i.e. it's a no-op).
|
|
|
+ A null preferred scheduling term matches no objects
|
|
|
+ (i.e. is also a no-op).
|
|
|
+ properties:
|
|
|
+ preference:
|
|
|
+ description: A node selector term, associated with
|
|
|
+ the corresponding weight.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's labels.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchFields:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's fields.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ weight:
|
|
|
+ description: Weight associated with matching the
|
|
|
+ corresponding nodeSelectorTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - preference
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the affinity requirements specified by
|
|
|
+ this field are not met at scheduling time, the pod will
|
|
|
+ not be scheduled onto the node. If the affinity requirements
|
|
|
+ specified by this field cease to be met at some point
|
|
|
+ during pod execution (e.g. due to an update), the system
|
|
|
+ may or may not try to eventually evict the pod from
|
|
|
+ its node.
|
|
|
+ properties:
|
|
|
+ nodeSelectorTerms:
|
|
|
+ description: Required. A list of node selector terms.
|
|
|
+ The terms are ORed.
|
|
|
+ items:
|
|
|
+ description: A null or empty node selector term
|
|
|
+ matches no objects. The requirements of them are
|
|
|
+ ANDed. The TopologySelectorTerm type implements
|
|
|
+ a subset of the NodeSelectorTerm.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's labels.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchFields:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's fields.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - nodeSelectorTerms
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ podAffinity:
|
|
|
+ description: Describes pod affinity scheduling rules (e.g.
|
|
|
+ co-locate this pod in the same node, zone, etc. as some
|
|
|
+ other pod(s)).
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the affinity expressions specified
|
|
|
+ by this field, but it may choose a node that violates
|
|
|
+ one or more of the expressions. The node that is most
|
|
|
+ preferred is the one with the greatest sum of weights,
|
|
|
+ i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node has pods which matches the corresponding
|
|
|
+ podAffinityTerm; the node(s) with the highest sum are
|
|
|
+ the most preferred.
|
|
|
+ items:
|
|
|
+ description: The weights of all of the matched WeightedPodAffinityTerm
|
|
|
+ fields are added per-node to find the most preferred
|
|
|
+ node(s)
|
|
|
+ properties:
|
|
|
+ podAffinityTerm:
|
|
|
+ description: Required. A pod affinity term, associated
|
|
|
+ with the corresponding weight.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by
|
|
|
+ this field and the ones listed in the namespaces
|
|
|
+ field. null selector and null or empty namespaces
|
|
|
+ list means "this pod's namespace". An empty
|
|
|
+ selector ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to.
|
|
|
+ The term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected
|
|
|
+ by namespaceSelector. null or empty namespaces
|
|
|
+ list and null namespaceSelector means "this
|
|
|
+ pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the
|
|
|
+ pods matching the labelSelector in the specified
|
|
|
+ namespaces, where co-located is defined as
|
|
|
+ running on a node whose value of the label
|
|
|
+ with key topologyKey matches that of any node
|
|
|
+ on which any of the selected pods is running.
|
|
|
+ Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ weight:
|
|
|
+ description: weight associated with matching the
|
|
|
+ corresponding podAffinityTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - podAffinityTerm
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the affinity requirements specified by
|
|
|
+ this field are not met at scheduling time, the pod will
|
|
|
+ not be scheduled onto the node. If the affinity requirements
|
|
|
+ specified by this field cease to be met at some point
|
|
|
+ during pod execution (e.g. due to a pod label update),
|
|
|
+ the system may or may not try to eventually evict the
|
|
|
+ pod from its node. When there are multiple elements,
|
|
|
+ the lists of nodes corresponding to each podAffinityTerm
|
|
|
+ are intersected, i.e. all terms must be satisfied.
|
|
|
+ items:
|
|
|
+ description: Defines a set of pods (namely those matching
|
|
|
+ the labelSelector relative to the given namespace(s))
|
|
|
+ that this pod should be co-located (affinity) or not
|
|
|
+ co-located (anti-affinity) with, where co-located
|
|
|
+ is defined as running on a node whose value of the
|
|
|
+ label with key <topologyKey> matches that of any node
|
|
|
+ on which a pod of the set of pods is running
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by this
|
|
|
+ field and the ones listed in the namespaces field.
|
|
|
+ null selector and null or empty namespaces list
|
|
|
+ means "this pod's namespace". An empty selector
|
|
|
+ ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to. The
|
|
|
+ term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected by
|
|
|
+ namespaceSelector. null or empty namespaces list
|
|
|
+ and null namespaceSelector means "this pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the pods
|
|
|
+ matching the labelSelector in the specified namespaces,
|
|
|
+ where co-located is defined as running on a node
|
|
|
+ whose value of the label with key topologyKey
|
|
|
+ matches that of any node on which any of the selected
|
|
|
+ pods is running. Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ podAntiAffinity:
|
|
|
+ description: Describes pod anti-affinity scheduling rules
|
|
|
+ (e.g. avoid putting this pod in the same node, zone, etc.
|
|
|
+ as some other pod(s)).
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the anti-affinity expressions
|
|
|
+ specified by this field, but it may choose a node that
|
|
|
+ violates one or more of the expressions. The node that
|
|
|
+ is most preferred is the one with the greatest sum of
|
|
|
+ weights, i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ anti-affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node has pods which matches the corresponding
|
|
|
+ podAffinityTerm; the node(s) with the highest sum are
|
|
|
+ the most preferred.
|
|
|
+ items:
|
|
|
+ description: The weights of all of the matched WeightedPodAffinityTerm
|
|
|
+ fields are added per-node to find the most preferred
|
|
|
+ node(s)
|
|
|
+ properties:
|
|
|
+ podAffinityTerm:
|
|
|
+ description: Required. A pod affinity term, associated
|
|
|
+ with the corresponding weight.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by
|
|
|
+ this field and the ones listed in the namespaces
|
|
|
+ field. null selector and null or empty namespaces
|
|
|
+ list means "this pod's namespace". An empty
|
|
|
+ selector ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to.
|
|
|
+ The term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected
|
|
|
+ by namespaceSelector. null or empty namespaces
|
|
|
+ list and null namespaceSelector means "this
|
|
|
+ pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the
|
|
|
+ pods matching the labelSelector in the specified
|
|
|
+ namespaces, where co-located is defined as
|
|
|
+ running on a node whose value of the label
|
|
|
+ with key topologyKey matches that of any node
|
|
|
+ on which any of the selected pods is running.
|
|
|
+ Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ weight:
|
|
|
+ description: weight associated with matching the
|
|
|
+ corresponding podAffinityTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - podAffinityTerm
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the anti-affinity requirements specified
|
|
|
+ by this field are not met at scheduling time, the pod
|
|
|
+ will not be scheduled onto the node. If the anti-affinity
|
|
|
+ requirements specified by this field cease to be met
|
|
|
+ at some point during pod execution (e.g. due to a pod
|
|
|
+ label update), the system may or may not try to eventually
|
|
|
+ evict the pod from its node. When there are multiple
|
|
|
+ elements, the lists of nodes corresponding to each podAffinityTerm
|
|
|
+ are intersected, i.e. all terms must be satisfied.
|
|
|
+ items:
|
|
|
+ description: Defines a set of pods (namely those matching
|
|
|
+ the labelSelector relative to the given namespace(s))
|
|
|
+ that this pod should be co-located (affinity) or not
|
|
|
+ co-located (anti-affinity) with, where co-located
|
|
|
+ is defined as running on a node whose value of the
|
|
|
+ label with key <topologyKey> matches that of any node
|
|
|
+ on which a pod of the set of pods is running
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by this
|
|
|
+ field and the ones listed in the namespaces field.
|
|
|
+ null selector and null or empty namespaces list
|
|
|
+ means "this pod's namespace". An empty selector
|
|
|
+ ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to. The
|
|
|
+ term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected by
|
|
|
+ namespaceSelector. null or empty namespaces list
|
|
|
+ and null namespaceSelector means "this pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the pods
|
|
|
+ matching the labelSelector in the specified namespaces,
|
|
|
+ where co-located is defined as running on a node
|
|
|
+ whose value of the label with key topologyKey
|
|
|
+ matches that of any node on which any of the selected
|
|
|
+ pods is running. Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ automountServiceAccountToken:
|
|
|
+ description: AutomountServiceAccountToken indicates whether a
|
|
|
+ service account token should be automatically mounted.
|
|
|
+ type: boolean
|
|
|
+ containers:
|
|
|
+ description: List of containers belonging to the pod. Containers
|
|
|
+ cannot currently be added or removed. There must be at least
|
|
|
+ one container in a Pod. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: A single application container that you want to
|
|
|
+ run within a pod.
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The container
|
|
|
+ image''s CMD is used if this is not provided. Variable
|
|
|
+ references $(VAR_NAME) are expanded using the container''s
|
|
|
+ environment. If a variable cannot be resolved, the reference
|
|
|
+ in the input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The container image''s ENTRYPOINT is used if this is not
|
|
|
+ provided. Variable references $(VAR_NAME) are expanded
|
|
|
+ using the container''s environment. If a variable cannot
|
|
|
+ be resolved, the reference in the input string will be
|
|
|
+ unchanged. Double $$ are reduced to a single $, which
|
|
|
+ allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of whether
|
|
|
+ the variable exists or not. Cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
|
|
|
+ This field is optional to allow higher level config management
|
|
|
+ to default or override container images in workload controllers
|
|
|
+ like Deployments and StatefulSets.'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Actions that the management system should take
|
|
|
+ in response to container lifecycle events. Cannot be updated.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: 'Periodic probe of container liveness. Container
|
|
|
+ will be restarted if the probe fails. Cannot be updated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the container specified as a DNS_LABEL.
|
|
|
+ Each container in a pod must have a unique name (DNS_LABEL).
|
|
|
+ Cannot be updated.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: List of ports to expose from the container.
|
|
|
+ Exposing a port here gives the system additional information
|
|
|
+ about the network connections a container uses, but is
|
|
|
+ primarily informational. Not specifying a port here DOES
|
|
|
+ NOT prevent that port from being exposed. Any port which
|
|
|
+ is listening on the default "0.0.0.0" address inside a
|
|
|
+ container will be accessible from the network. Cannot
|
|
|
+ be updated.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: 'Periodic probe of container service readiness.
|
|
|
+ Container will be removed from service endpoints if the
|
|
|
+ probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: 'Compute Resources required by this container.
|
|
|
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext defines the security options
|
|
|
+ the container should be run with. If set, the fields of
|
|
|
+ SecurityContext override the equivalent fields of PodSecurityContext.
|
|
|
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: 'StartupProbe indicates that the Pod has successfully
|
|
|
+ initialized. If specified, no other probes are executed
|
|
|
+ until this completes successfully. If this probe fails,
|
|
|
+ the Pod will be restarted, just as if the livenessProbe
|
|
|
+ failed. This can be used to provide different probe parameters
|
|
|
+ at the beginning of a Pod''s lifecycle, when it might
|
|
|
+ take a long time to load data or warm a cache, than during
|
|
|
+ steady-state operation. This cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ dnsConfig:
|
|
|
+ description: Specifies the DNS parameters of a pod. Parameters
|
|
|
+ specified here will be merged to the generated DNS configuration
|
|
|
+ based on DNSPolicy.
|
|
|
+ properties:
|
|
|
+ nameservers:
|
|
|
+ description: A list of DNS name server IP addresses. This
|
|
|
+ will be appended to the base nameservers generated from
|
|
|
+ DNSPolicy. Duplicated nameservers will be removed.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ options:
|
|
|
+ description: A list of DNS resolver options. This will be
|
|
|
+ merged with the base options generated from DNSPolicy. Duplicated
|
|
|
+ entries will be removed. Resolution options given in Options
|
|
|
+ will override those that appear in the base DNSPolicy.
|
|
|
+ items:
|
|
|
+ description: PodDNSConfigOption defines DNS resolver options
|
|
|
+ of a pod.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Required.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ searches:
|
|
|
+ description: A list of DNS search domains for host-name lookup.
|
|
|
+ This will be appended to the base search paths generated
|
|
|
+ from DNSPolicy. Duplicated search paths will be removed.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ dnsPolicy:
|
|
|
+ description: Set DNS policy for the pod. Defaults to "ClusterFirst".
|
|
|
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
|
|
|
+ 'Default' or 'None'. DNS parameters given in DNSConfig will
|
|
|
+ be merged with the policy selected with DNSPolicy. To have DNS
|
|
|
+ options set along with hostNetwork, you have to specify DNS
|
|
|
+ policy explicitly to 'ClusterFirstWithHostNet'.
|
|
|
+ type: string
|
|
|
+ enableServiceLinks:
|
|
|
+ description: 'EnableServiceLinks indicates whether information
|
|
|
+ about services should be injected into pod''s environment variables,
|
|
|
+ matching the syntax of Docker links. Optional: Defaults to true.'
|
|
|
+ type: boolean
|
|
|
+ ephemeralContainers:
|
|
|
+ description: List of ephemeral containers run in this pod. Ephemeral
|
|
|
+ containers may be run in an existing pod to perform user-initiated
|
|
|
+ actions such as debugging. This list cannot be specified when
|
|
|
+ creating a pod, and it cannot be modified by updating the pod
|
|
|
+ spec. In order to add an ephemeral container to an existing
|
|
|
+ pod, use the pod's ephemeralcontainers subresource. This field
|
|
|
+ is beta-level and available on clusters that haven't disabled
|
|
|
+ the EphemeralContainers feature gate.
|
|
|
+ items:
|
|
|
+ description: "An EphemeralContainer is a temporary container
|
|
|
+ that you may add to an existing Pod for user-initiated activities
|
|
|
+ such as debugging. Ephemeral containers have no resource or
|
|
|
+ scheduling guarantees, and they will not be restarted when
|
|
|
+ they exit or when a Pod is removed or restarted. The kubelet
|
|
|
+ may evict a Pod if an ephemeral container causes the Pod to
|
|
|
+ exceed its resource allocation. \n To add an ephemeral container,
|
|
|
+ use the ephemeralcontainers subresource of an existing Pod.
|
|
|
+ Ephemeral containers may not be removed or restarted. \n This
|
|
|
+ is a beta feature available on clusters that haven't disabled
|
|
|
+ the EphemeralContainers feature gate."
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The image''s
|
|
|
+ CMD is used if this is not provided. Variable references
|
|
|
+ $(VAR_NAME) are expanded using the container''s environment.
|
|
|
+ If a variable cannot be resolved, the reference in the
|
|
|
+ input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The image''s ENTRYPOINT is used if this is not provided.
|
|
|
+ Variable references $(VAR_NAME) are expanded using the
|
|
|
+ container''s environment. If a variable cannot be resolved,
|
|
|
+ the reference in the input string will be unchanged. Double
|
|
|
+ $$ are reduced to a single $, which allows for escaping
|
|
|
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
|
|
|
+ the string literal "$(VAR_NAME)". Escaped references will
|
|
|
+ never be expanded, regardless of whether the variable
|
|
|
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Lifecycle is not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the ephemeral container specified as
|
|
|
+ a DNS_LABEL. This name must be unique among all containers,
|
|
|
+ init containers and ephemeral containers.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: Ports are not allowed for ephemeral containers.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: Resources are not allowed for ephemeral containers.
|
|
|
+ Ephemeral containers use spare resources already allocated
|
|
|
+ to the pod.
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'Optional: SecurityContext defines the security
|
|
|
+ options the ephemeral container should be run with. If
|
|
|
+ set, the fields of SecurityContext override the equivalent
|
|
|
+ fields of PodSecurityContext.'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ targetContainerName:
|
|
|
+ description: "If set, the name of the container from PodSpec
|
|
|
+ that this ephemeral container targets. The ephemeral container
|
|
|
+ will be run in the namespaces (IPC, PID, etc) of this
|
|
|
+ container. If not set then the ephemeral container uses
|
|
|
+ the namespaces configured in the Pod spec. \n The container
|
|
|
+ runtime must implement support for this feature. If the
|
|
|
+ runtime does not support namespace targeting then the
|
|
|
+ result of setting this field is undefined."
|
|
|
+ type: string
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Subpath mounts are not allowed for ephemeral containers.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ hostAliases:
|
|
|
+ description: HostAliases is an optional list of hosts and IPs
|
|
|
+ that will be injected into the pod's hosts file if specified.
|
|
|
+ This is only valid for non-hostNetwork pods.
|
|
|
+ items:
|
|
|
+ description: HostAlias holds the mapping between IP and hostnames
|
|
|
+ that will be injected as an entry in the pod's hosts file.
|
|
|
+ properties:
|
|
|
+ hostnames:
|
|
|
+ description: Hostnames for the above IP address.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ ip:
|
|
|
+ description: IP address of the host file entry.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ hostIPC:
|
|
|
+ description: 'Use the host''s ipc namespace. Optional: Default
|
|
|
+ to false.'
|
|
|
+ type: boolean
|
|
|
+ hostNetwork:
|
|
|
+ description: Host networking requested for this pod. Use the host's
|
|
|
+ network namespace. If this option is set, the ports that will
|
|
|
+ be used must be specified. Default to false.
|
|
|
+ type: boolean
|
|
|
+ hostPID:
|
|
|
+ description: 'Use the host''s pid namespace. Optional: Default
|
|
|
+ to false.'
|
|
|
+ type: boolean
|
|
|
+ hostname:
|
|
|
+ description: Specifies the hostname of the Pod If not specified,
|
|
|
+ the pod's hostname will be set to a system-defined value.
|
|
|
+ type: string
|
|
|
+ imagePullSecrets:
|
|
|
+ description: 'ImagePullSecrets is an optional list of references
|
|
|
+ to secrets in the same namespace to use for pulling any of the
|
|
|
+ images used by this PodSpec. If specified, these secrets will
|
|
|
+ be passed to individual puller implementations for them to use.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
|
|
|
+ items:
|
|
|
+ description: LocalObjectReference contains enough information
|
|
|
+ to let you locate the referenced object inside the same namespace.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: array
|
|
|
+ initContainers:
|
|
|
+ description: 'List of initialization containers belonging to the
|
|
|
+ pod. Init containers are executed in order prior to containers
|
|
|
+ being started. If any init container fails, the pod is considered
|
|
|
+ to have failed and is handled according to its restartPolicy.
|
|
|
+ The name for an init container or normal container must be unique
|
|
|
+ among all containers. Init containers may not have Lifecycle
|
|
|
+ actions, Readiness probes, Liveness probes, or Startup probes.
|
|
|
+ The resourceRequirements of an init container are taken into
|
|
|
+ account during scheduling by finding the highest request/limit
|
|
|
+ for each resource type, and then using the max of of that value
|
|
|
+ or the sum of the normal containers. Limits are applied to init
|
|
|
+ containers in a similar fashion. Init containers cannot currently
|
|
|
+ be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
|
|
|
+ items:
|
|
|
+ description: A single application container that you want to
|
|
|
+ run within a pod.
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The container
|
|
|
+ image''s CMD is used if this is not provided. Variable
|
|
|
+ references $(VAR_NAME) are expanded using the container''s
|
|
|
+ environment. If a variable cannot be resolved, the reference
|
|
|
+ in the input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The container image''s ENTRYPOINT is used if this is not
|
|
|
+ provided. Variable references $(VAR_NAME) are expanded
|
|
|
+ using the container''s environment. If a variable cannot
|
|
|
+ be resolved, the reference in the input string will be
|
|
|
+ unchanged. Double $$ are reduced to a single $, which
|
|
|
+ allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of whether
|
|
|
+ the variable exists or not. Cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
|
|
|
+ This field is optional to allow higher level config management
|
|
|
+ to default or override container images in workload controllers
|
|
|
+ like Deployments and StatefulSets.'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Actions that the management system should take
|
|
|
+ in response to container lifecycle events. Cannot be updated.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: 'Periodic probe of container liveness. Container
|
|
|
+ will be restarted if the probe fails. Cannot be updated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the container specified as a DNS_LABEL.
|
|
|
+ Each container in a pod must have a unique name (DNS_LABEL).
|
|
|
+ Cannot be updated.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: List of ports to expose from the container.
|
|
|
+ Exposing a port here gives the system additional information
|
|
|
+ about the network connections a container uses, but is
|
|
|
+ primarily informational. Not specifying a port here DOES
|
|
|
+ NOT prevent that port from being exposed. Any port which
|
|
|
+ is listening on the default "0.0.0.0" address inside a
|
|
|
+ container will be accessible from the network. Cannot
|
|
|
+ be updated.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: 'Periodic probe of container service readiness.
|
|
|
+ Container will be removed from service endpoints if the
|
|
|
+ probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: 'Compute Resources required by this container.
|
|
|
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext defines the security options
|
|
|
+ the container should be run with. If set, the fields of
|
|
|
+ SecurityContext override the equivalent fields of PodSecurityContext.
|
|
|
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: 'StartupProbe indicates that the Pod has successfully
|
|
|
+ initialized. If specified, no other probes are executed
|
|
|
+ until this completes successfully. If this probe fails,
|
|
|
+ the Pod will be restarted, just as if the livenessProbe
|
|
|
+ failed. This can be used to provide different probe parameters
|
|
|
+ at the beginning of a Pod''s lifecycle, when it might
|
|
|
+ take a long time to load data or warm a cache, than during
|
|
|
+ steady-state operation. This cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ nodeName:
|
|
|
+ description: NodeName is a request to schedule this pod onto a
|
|
|
+ specific node. If it is non-empty, the scheduler simply schedules
|
|
|
+ this pod onto that node, assuming that it fits resource requirements.
|
|
|
+ type: string
|
|
|
+ nodeSelector:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: 'NodeSelector is a selector which must be true for
|
|
|
+ the pod to fit on a node. Selector which must match a node''s
|
|
|
+ labels for the pod to be scheduled on that node. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ os:
|
|
|
+ description: "Specifies the OS of the containers in the pod. Some
|
|
|
+ pod and container fields are restricted if this is set. \n If
|
|
|
+ the OS field is set to linux, the following fields must be unset:
|
|
|
+ -securityContext.windowsOptions \n If the OS field is set to
|
|
|
+ windows, following fields must be unset: - spec.hostPID - spec.hostIPC
|
|
|
+ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
|
|
|
+ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
|
|
|
+ - spec.securityContext.sysctls - spec.shareProcessNamespace
|
|
|
+ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
|
|
|
+ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
|
|
|
+ - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
|
|
|
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
|
|
|
+ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
|
|
|
+ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
|
|
|
+ - spec.containers[*].securityContext.runAsGroup This is a beta
|
|
|
+ field and requires the IdentifyPodOS feature"
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name is the name of the operating system. The
|
|
|
+ currently supported values are linux and windows. Additional
|
|
|
+ value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
|
|
|
+ Clients should expect to handle additional values and treat
|
|
|
+ unrecognized values in this field as os: null'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ overhead:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Overhead represents the resource overhead associated
|
|
|
+ with running a pod for a given RuntimeClass. This field will
|
|
|
+ be autopopulated at admission time by the RuntimeClass admission
|
|
|
+ controller. If the RuntimeClass admission controller is enabled,
|
|
|
+ overhead must not be set in Pod create requests. The RuntimeClass
|
|
|
+ admission controller will reject Pod create requests which have
|
|
|
+ the overhead already set. If RuntimeClass is configured and
|
|
|
+ selected in the PodSpec, Overhead will be set to the value defined
|
|
|
+ in the corresponding RuntimeClass, otherwise it will remain
|
|
|
+ unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
|
|
|
+ type: object
|
|
|
+ preemptionPolicy:
|
|
|
+ description: PreemptionPolicy is the Policy for preempting pods
|
|
|
+ with lower priority. One of Never, PreemptLowerPriority. Defaults
|
|
|
+ to PreemptLowerPriority if unset.
|
|
|
+ type: string
|
|
|
+ priority:
|
|
|
+ description: The priority value. Various system components use
|
|
|
+ this field to find the priority of the pod. When Priority Admission
|
|
|
+ Controller is enabled, it prevents users from setting this field.
|
|
|
+ The admission controller populates this field from PriorityClassName.
|
|
|
+ The higher the value, the higher the priority.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ priorityClassName:
|
|
|
+ description: If specified, indicates the pod's priority. "system-node-critical"
|
|
|
+ and "system-cluster-critical" are two special keywords which
|
|
|
+ indicate the highest priorities with the former being the highest
|
|
|
+ priority. Any other name must be defined by creating a PriorityClass
|
|
|
+ object with that name. If not specified, the pod priority will
|
|
|
+ be default or zero if there is no default.
|
|
|
+ type: string
|
|
|
+ readinessGates:
|
|
|
+ description: 'If specified, all readiness gates will be evaluated
|
|
|
+ for pod readiness. A pod is ready when all its containers are
|
|
|
+ ready AND all conditions specified in the readiness gates have
|
|
|
+ status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
|
|
|
+ items:
|
|
|
+ description: PodReadinessGate contains the reference to a pod
|
|
|
+ condition
|
|
|
+ properties:
|
|
|
+ conditionType:
|
|
|
+ description: ConditionType refers to a condition in the
|
|
|
+ pod's condition list with matching type.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - conditionType
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ restartPolicy:
|
|
|
+ description: 'Restart policy for all containers within the pod.
|
|
|
+ One of Always, OnFailure, Never. Default to Always. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
|
|
+ type: string
|
|
|
+ runtimeClassName:
|
|
|
+ description: 'RuntimeClassName refers to a RuntimeClass object
|
|
|
+ in the node.k8s.io group, which should be used to run this pod. If
|
|
|
+ no RuntimeClass resource matches the named class, the pod will
|
|
|
+ not be run. If unset or empty, the "legacy" RuntimeClass will
|
|
|
+ be used, which is an implicit class with an empty definition
|
|
|
+ that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
|
|
+ type: string
|
|
|
+ schedulerName:
|
|
|
+ description: If specified, the pod will be dispatched by specified
|
|
|
+ scheduler. If not specified, the pod will be dispatched by default
|
|
|
+ scheduler.
|
|
|
+ type: string
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext holds pod-level security attributes
|
|
|
+ and common container settings. Optional: Defaults to empty. See
|
|
|
+ type description for default values of each field.'
|
|
|
+ properties:
|
|
|
+ fsGroup:
|
|
|
+ description: "A special supplemental group that applies to
|
|
|
+ all containers in a pod. Some volume types allow the Kubelet
|
|
|
+ to change the ownership of that volume to be owned by the
|
|
|
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
|
|
|
+ bit is set (new files created in the volume will be owned
|
|
|
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
|
|
|
+ \n If unset, the Kubelet will not modify the ownership and
|
|
|
+ permissions of any volume. Note that this field cannot be
|
|
|
+ set when spec.os.name is windows."
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ fsGroupChangePolicy:
|
|
|
+ description: 'fsGroupChangePolicy defines behavior of changing
|
|
|
+ ownership and permission of the volume before being exposed
|
|
|
+ inside Pod. This field will only apply to volume types which
|
|
|
+ support fsGroup based ownership(and permissions). It will
|
|
|
+ have no effect on ephemeral volume types such as: secret,
|
|
|
+ configmaps and emptydir. Valid values are "OnRootMismatch"
|
|
|
+ and "Always". If not specified, "Always" is used. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.'
|
|
|
+ type: string
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be set
|
|
|
+ in SecurityContext. If set in both SecurityContext and
|
|
|
+ PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence for that container. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as a non-root
|
|
|
+ user. If true, the Kubelet will validate the image at runtime
|
|
|
+ to ensure that it does not run as UID 0 (root) and fail
|
|
|
+ to start the container if it does. If unset or false, no
|
|
|
+ such validation will be performed. May also be set in SecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext, the
|
|
|
+ value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata if
|
|
|
+ unspecified. May also be set in SecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence for that container.
|
|
|
+ Note that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to all containers.
|
|
|
+ If unspecified, the container runtime will allocate a random
|
|
|
+ SELinux context for each container. May also be set in
|
|
|
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence
|
|
|
+ for that container. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by the containers
|
|
|
+ in this pod. Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile defined
|
|
|
+ in a file on the node should be used. The profile must
|
|
|
+ be preconfigured on the node to work. Must be a descending
|
|
|
+ path, relative to the kubelet's configured seccomp profile
|
|
|
+ location. Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp profile
|
|
|
+ will be applied. Valid options are: \n Localhost - a
|
|
|
+ profile defined in a file on the node should be used.
|
|
|
+ RuntimeDefault - the container runtime default profile
|
|
|
+ should be used. Unconfined - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ supplementalGroups:
|
|
|
+ description: A list of groups applied to the first process
|
|
|
+ run in each container, in addition to the container's primary
|
|
|
+ GID. If unspecified, no groups will be added to any container.
|
|
|
+ Note that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ items:
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ type: array
|
|
|
+ sysctls:
|
|
|
+ description: Sysctls hold a list of namespaced sysctls used
|
|
|
+ for the pod. Pods with unsupported sysctls (by the container
|
|
|
+ runtime) might fail to launch. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ items:
|
|
|
+ description: Sysctl defines a kernel parameter to be set
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of a property to set
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: Value of a property to set
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to all
|
|
|
+ containers. If unspecified, the options within a container's
|
|
|
+ SecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set when
|
|
|
+ spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA admission
|
|
|
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec named
|
|
|
+ by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name of the
|
|
|
+ GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container should
|
|
|
+ be run as a 'Host Process' container. This field is
|
|
|
+ alpha-level and will only be honored by components that
|
|
|
+ enable the WindowsHostProcessContainers feature flag.
|
|
|
+ Setting this field without the feature flag will result
|
|
|
+ in errors when validating the Pod. All of a Pod's containers
|
|
|
+ must have the same effective HostProcess value (it is
|
|
|
+ not allowed to have a mix of HostProcess containers
|
|
|
+ and non-HostProcess containers). In addition, if HostProcess
|
|
|
+ is true then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the entrypoint
|
|
|
+ of the container process. Defaults to the user specified
|
|
|
+ in image metadata if unspecified. May also be set in
|
|
|
+ PodSecurityContext. If set in both SecurityContext and
|
|
|
+ PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ serviceAccount:
|
|
|
+ description: 'DeprecatedServiceAccount is a depreciated alias
|
|
|
+ for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
|
|
|
+ type: string
|
|
|
+ serviceAccountName:
|
|
|
+ description: 'ServiceAccountName is the name of the ServiceAccount
|
|
|
+ to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
|
|
|
+ type: string
|
|
|
+ setHostnameAsFQDN:
|
|
|
+ description: If true the pod's hostname will be configured as
|
|
|
+ the pod's FQDN, rather than the leaf name (the default). In
|
|
|
+ Linux containers, this means setting the FQDN in the hostname
|
|
|
+ field of the kernel (the nodename field of struct utsname).
|
|
|
+ In Windows containers, this means setting the registry value
|
|
|
+ of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
|
|
|
+ to FQDN. If a pod does not have FQDN, this has no effect. Default
|
|
|
+ to false.
|
|
|
+ type: boolean
|
|
|
+ shareProcessNamespace:
|
|
|
+ description: 'Share a single process namespace between all of
|
|
|
+ the containers in a pod. When this is set containers will be
|
|
|
+ able to view and signal processes from other containers in the
|
|
|
+ same pod, and the first process in each container will not be
|
|
|
+ assigned PID 1. HostPID and ShareProcessNamespace cannot both
|
|
|
+ be set. Optional: Default to false.'
|
|
|
+ type: boolean
|
|
|
+ subdomain:
|
|
|
+ description: If specified, the fully qualified Pod hostname will
|
|
|
+ be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
|
|
|
+ If not specified, the pod will not have a domainname at all.
|
|
|
+ type: string
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs to terminate
|
|
|
+ gracefully. May be decreased in delete request. Value must be
|
|
|
+ non-negative integer. The value zero indicates stop immediately
|
|
|
+ via the kill signal (no opportunity to shut down). If this value
|
|
|
+ is nil, the default grace period will be used instead. The grace
|
|
|
+ period is the duration in seconds after the processes running
|
|
|
+ in the pod are sent a termination signal and the time when the
|
|
|
+ processes are forcibly halted with a kill signal. Set this value
|
|
|
+ longer than the expected cleanup time for your process. Defaults
|
|
|
+ to 30 seconds.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ tolerations:
|
|
|
+ description: If specified, the pod's tolerations.
|
|
|
+ items:
|
|
|
+ description: The pod this Toleration is attached to tolerates
|
|
|
+ any taint that matches the triple <key,value,effect> using
|
|
|
+ the matching operator <operator>.
|
|
|
+ properties:
|
|
|
+ effect:
|
|
|
+ description: Effect indicates the taint effect to match.
|
|
|
+ Empty means match all taint effects. When specified, allowed
|
|
|
+ values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
|
+ type: string
|
|
|
+ key:
|
|
|
+ description: Key is the taint key that the toleration applies
|
|
|
+ to. Empty means match all taint keys. If the key is empty,
|
|
|
+ operator must be Exists; this combination means to match
|
|
|
+ all values and all keys.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Operator represents a key's relationship to
|
|
|
+ the value. Valid operators are Exists and Equal. Defaults
|
|
|
+ to Equal. Exists is equivalent to wildcard for value,
|
|
|
+ so that a pod can tolerate all taints of a particular
|
|
|
+ category.
|
|
|
+ type: string
|
|
|
+ tolerationSeconds:
|
|
|
+ description: TolerationSeconds represents the period of
|
|
|
+ time the toleration (which must be of effect NoExecute,
|
|
|
+ otherwise this field is ignored) tolerates the taint.
|
|
|
+ By default, it is not set, which means tolerate the taint
|
|
|
+ forever (do not evict). Zero and negative values will
|
|
|
+ be treated as 0 (evict immediately) by the system.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ value:
|
|
|
+ description: Value is the taint value the toleration matches
|
|
|
+ to. If the operator is Exists, the value should be empty,
|
|
|
+ otherwise just a regular string.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ topologySpreadConstraints:
|
|
|
+ description: TopologySpreadConstraints describes how a group of
|
|
|
+ pods ought to spread across topology domains. Scheduler will
|
|
|
+ schedule pods in a way which abides by the constraints. All
|
|
|
+ topologySpreadConstraints are ANDed.
|
|
|
+ items:
|
|
|
+ description: TopologySpreadConstraint specifies how to spread
|
|
|
+ matching pods among the given topology.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: LabelSelector is used to find matching pods.
|
|
|
+ Pods that match this label selector are counted to determine
|
|
|
+ the number of pods in their corresponding topology domain.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label selector
|
|
|
+ requirements. The requirements are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement is a selector
|
|
|
+ that contains values, a key, and an operator that
|
|
|
+ relates the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's relationship
|
|
|
+ to a set of values. Valid operators are In,
|
|
|
+ NotIn, Exists and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string values.
|
|
|
+ If the operator is In or NotIn, the values array
|
|
|
+ must be non-empty. If the operator is Exists
|
|
|
+ or DoesNotExist, the values array must be empty.
|
|
|
+ This array is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value} pairs.
|
|
|
+ A single {key,value} in the matchLabels map is equivalent
|
|
|
+ to an element of matchExpressions, whose key field
|
|
|
+ is "key", the operator is "In", and the values array
|
|
|
+ contains only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ maxSkew:
|
|
|
+ description: 'MaxSkew describes the degree to which pods
|
|
|
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
|
|
|
+ it is the maximum permitted difference between the number
|
|
|
+ of matching pods in the target topology and the global
|
|
|
+ minimum. The global minimum is the minimum number of matching
|
|
|
+ pods in an eligible domain or zero if the number of eligible
|
|
|
+ domains is less than MinDomains. For example, in a 3-zone
|
|
|
+ cluster, MaxSkew is set to 1, and pods with the same labelSelector
|
|
|
+ spread as 2/2/1: In this case, the global minimum is 1.
|
|
|
+ | zone1 | zone2 | zone3 | | P P | P P | P | -
|
|
|
+ if MaxSkew is 1, incoming pod can only be scheduled to
|
|
|
+ zone3 to become 2/2/2; scheduling it onto zone1(zone2)
|
|
|
+ would make the ActualSkew(3-1) on zone1(zone2) violate
|
|
|
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
|
|
|
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
|
|
|
+ it is used to give higher precedence to topologies that
|
|
|
+ satisfy it. It''s a required field. Default value is 1
|
|
|
+ and 0 is not allowed.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ minDomains:
|
|
|
+ description: "MinDomains indicates a minimum number of eligible
|
|
|
+ domains. When the number of eligible domains with matching
|
|
|
+ topology keys is less than minDomains, Pod Topology Spread
|
|
|
+ treats \"global minimum\" as 0, and then the calculation
|
|
|
+ of Skew is performed. And when the number of eligible
|
|
|
+ domains with matching topology keys equals or greater
|
|
|
+ than minDomains, this value has no effect on scheduling.
|
|
|
+ As a result, when the number of eligible domains is less
|
|
|
+ than minDomains, scheduler won't schedule more than maxSkew
|
|
|
+ Pods to those domains. If value is nil, the constraint
|
|
|
+ behaves as if MinDomains is equal to 1. Valid values are
|
|
|
+ integers greater than 0. When value is not nil, WhenUnsatisfiable
|
|
|
+ must be DoNotSchedule. \n For example, in a 3-zone cluster,
|
|
|
+ MaxSkew is set to 2, MinDomains is set to 5 and pods with
|
|
|
+ the same labelSelector spread as 2/2/2: | zone1 | zone2
|
|
|
+ | zone3 | | P P | P P | P P | The number of domains
|
|
|
+ is less than 5(MinDomains), so \"global minimum\" is treated
|
|
|
+ as 0. In this situation, new pod with the same labelSelector
|
|
|
+ cannot be scheduled, because computed skew will be 3(3
|
|
|
+ - 0) if new Pod is scheduled to any of the three zones,
|
|
|
+ it will violate MaxSkew. \n This is an alpha field and
|
|
|
+ requires enabling MinDomainsInPodTopologySpread feature
|
|
|
+ gate."
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ topologyKey:
|
|
|
+ description: TopologyKey is the key of node labels. Nodes
|
|
|
+ that have a label with this key and identical values are
|
|
|
+ considered to be in the same topology. We consider each
|
|
|
+ <key, value> as a "bucket", and try to put balanced number
|
|
|
+ of pods into each bucket. We define a domain as a particular
|
|
|
+ instance of a topology. Also, we define an eligible domain
|
|
|
+ as a domain whose nodes match the node selector. e.g.
|
|
|
+ If TopologyKey is "kubernetes.io/hostname", each Node
|
|
|
+ is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone",
|
|
|
+ each zone is a domain of that topology. It's a required
|
|
|
+ field.
|
|
|
+ type: string
|
|
|
+ whenUnsatisfiable:
|
|
|
+ description: 'WhenUnsatisfiable indicates how to deal with
|
|
|
+ a pod if it doesn''t satisfy the spread constraint. -
|
|
|
+ DoNotSchedule (default) tells the scheduler not to schedule
|
|
|
+ it. - ScheduleAnyway tells the scheduler to schedule the
|
|
|
+ pod in any location, but giving higher precedence to topologies
|
|
|
+ that would help reduce the skew. A constraint is considered
|
|
|
+ "Unsatisfiable" for an incoming pod if and only if every
|
|
|
+ possible node assignment for that pod would violate "MaxSkew"
|
|
|
+ on some topology. For example, in a 3-zone cluster, MaxSkew
|
|
|
+ is set to 1, and pods with the same labelSelector spread
|
|
|
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
|
|
|
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
|
|
|
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
|
|
|
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
|
|
|
+ In other words, the cluster can still be imbalanced, but
|
|
|
+ scheduler won''t make it *more* imbalanced. It''s a required
|
|
|
+ field.'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - maxSkew
|
|
|
+ - topologyKey
|
|
|
+ - whenUnsatisfiable
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - topologyKey
|
|
|
+ - whenUnsatisfiable
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ volumes:
|
|
|
+ description: 'List of volumes that can be mounted by containers
|
|
|
+ belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
|
|
|
+ items:
|
|
|
+ description: Volume represents a named volume in a pod that
|
|
|
+ may be accessed by any container in the pod.
|
|
|
+ properties:
|
|
|
+ awsElasticBlockStore:
|
|
|
+ description: 'awsElasticBlockStore represents an AWS Disk
|
|
|
+ resource that is attached to a kubelet''s host machine
|
|
|
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ partition:
|
|
|
+ description: 'partition is the partition in the volume
|
|
|
+ that you want to mount. If omitted, the default is
|
|
|
+ to mount by volume name. Examples: For volume /dev/sda1,
|
|
|
+ you specify the partition as "1". Similarly, the volume
|
|
|
+ partition for /dev/sda is "0" (or you can leave the
|
|
|
+ property empty).'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly value true will force the readOnly
|
|
|
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ type: boolean
|
|
|
+ volumeID:
|
|
|
+ description: 'volumeID is unique ID of the persistent
|
|
|
+ disk resource in AWS (Amazon EBS volume). More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ azureDisk:
|
|
|
+ description: azureDisk represents an Azure Data Disk mount
|
|
|
+ on the host and bind mount to the pod.
|
|
|
+ properties:
|
|
|
+ cachingMode:
|
|
|
+ description: 'cachingMode is the Host Caching mode:
|
|
|
+ None, Read Only, Read Write.'
|
|
|
+ type: string
|
|
|
+ diskName:
|
|
|
+ description: diskName is the Name of the data disk in
|
|
|
+ the blob storage
|
|
|
+ type: string
|
|
|
+ diskURI:
|
|
|
+ description: diskURI is the URI of data disk in the
|
|
|
+ blob storage
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType is Filesystem type to mount. Must
|
|
|
+ be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: 'kind expected values are Shared: multiple
|
|
|
+ blob disks per storage account Dedicated: single
|
|
|
+ blob disk per storage account Managed: azure managed
|
|
|
+ data disk (only in managed availability set). defaults
|
|
|
+ to shared'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - diskName
|
|
|
+ - diskURI
|
|
|
+ type: object
|
|
|
+ azureFile:
|
|
|
+ description: azureFile represents an Azure File Service
|
|
|
+ mount on the host and bind mount to the pod.
|
|
|
+ properties:
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretName:
|
|
|
+ description: secretName is the name of secret that
|
|
|
+ contains Azure Storage Account Name and Key
|
|
|
+ type: string
|
|
|
+ shareName:
|
|
|
+ description: shareName is the azure share Name
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - secretName
|
|
|
+ - shareName
|
|
|
+ type: object
|
|
|
+ cephfs:
|
|
|
+ description: cephFS represents a Ceph FS mount on the host
|
|
|
+ that shares a pod's lifetime
|
|
|
+ properties:
|
|
|
+ monitors:
|
|
|
+ description: 'monitors is Required: Monitors is a collection
|
|
|
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: 'path is Optional: Used as the mounted
|
|
|
+ root, rather than the full Ceph tree, default is /'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: Defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: boolean
|
|
|
+ secretFile:
|
|
|
+ description: 'secretFile is Optional: SecretFile is
|
|
|
+ the path to key ring for User, default is /etc/ceph/user.secret
|
|
|
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is Optional: SecretRef is reference
|
|
|
+ to the authentication secret for User, default is
|
|
|
+ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ user:
|
|
|
+ description: 'user is optional: User is the rados user
|
|
|
+ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - monitors
|
|
|
+ type: object
|
|
|
+ cinder:
|
|
|
+ description: 'cinder represents a cinder volume attached
|
|
|
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
|
|
|
+ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is optional: points to a secret
|
|
|
+ object containing parameters used to connect to OpenStack.'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ volumeID:
|
|
|
+ description: 'volumeID used to identify the volume in
|
|
|
+ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ configMap:
|
|
|
+ description: configMap represents a configMap that should
|
|
|
+ populate this volume
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'defaultMode is optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value pair
|
|
|
+ in the Data field of the referenced ConfigMap will
|
|
|
+ be projected into the volume as a file whose name
|
|
|
+ is the key and content is the value. If specified,
|
|
|
+ the listed keys will be projected into the specified
|
|
|
+ paths, and unlisted keys will not be present. If a
|
|
|
+ key is specified which is not present in the ConfigMap,
|
|
|
+ the volume setup will error unless it is marked optional.
|
|
|
+ Paths must be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path within a
|
|
|
+ volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode bits used
|
|
|
+ to set permissions on this file. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires decimal values
|
|
|
+ for mode bits. If not specified, the volume
|
|
|
+ defaultMode will be used. This might be in conflict
|
|
|
+ with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode
|
|
|
+ bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path of the
|
|
|
+ file to map the key to. May not be an absolute
|
|
|
+ path. May not contain the path element '..'.
|
|
|
+ May not start with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional specify whether the ConfigMap
|
|
|
+ or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ csi:
|
|
|
+ description: csi (Container Storage Interface) represents
|
|
|
+ ephemeral storage that is handled by certain external
|
|
|
+ CSI drivers (Beta feature).
|
|
|
+ properties:
|
|
|
+ driver:
|
|
|
+ description: driver is the name of the CSI driver that
|
|
|
+ handles this volume. Consult with your admin for the
|
|
|
+ correct name as registered in the cluster.
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
|
|
|
+ If not provided, the empty value is passed to the
|
|
|
+ associated CSI driver which will determine the default
|
|
|
+ filesystem to apply.
|
|
|
+ type: string
|
|
|
+ nodePublishSecretRef:
|
|
|
+ description: nodePublishSecretRef is a reference to
|
|
|
+ the secret object containing sensitive information
|
|
|
+ to pass to the CSI driver to complete the CSI NodePublishVolume
|
|
|
+ and NodeUnpublishVolume calls. This field is optional,
|
|
|
+ and may be empty if no secret is required. If the
|
|
|
+ secret object contains more than one secret, all secret
|
|
|
+ references are passed.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ readOnly:
|
|
|
+ description: readOnly specifies a read-only configuration
|
|
|
+ for the volume. Defaults to false (read/write).
|
|
|
+ type: boolean
|
|
|
+ volumeAttributes:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: volumeAttributes stores driver-specific
|
|
|
+ properties that are passed to the CSI driver. Consult
|
|
|
+ your driver's documentation for supported values.
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - driver
|
|
|
+ type: object
|
|
|
+ downwardAPI:
|
|
|
+ description: downwardAPI represents downward API about the
|
|
|
+ pod that should populate this volume
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'Optional: mode bits to use on created
|
|
|
+ files by default. Must be a Optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: Items is a list of downward API volume
|
|
|
+ file
|
|
|
+ items:
|
|
|
+ description: DownwardAPIVolumeFile represents information
|
|
|
+ to create the file containing the pod field
|
|
|
+ properties:
|
|
|
+ fieldRef:
|
|
|
+ description: 'Required: Selects a field of the
|
|
|
+ pod: only annotations, labels, name and namespace
|
|
|
+ are supported.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ mode:
|
|
|
+ description: 'Optional: mode bits used to set
|
|
|
+ permissions on this file, must be an octal value
|
|
|
+ between 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal and decimal
|
|
|
+ values, JSON requires decimal values for mode
|
|
|
+ bits. If not specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict with
|
|
|
+ other options that affect the file mode, like
|
|
|
+ fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: 'Required: Path is the relative
|
|
|
+ path name of the file to be created. Must not
|
|
|
+ be absolute or contain the ''..'' path. Must
|
|
|
+ be utf-8 encoded. The first item of the relative
|
|
|
+ path must not start with ''..'''
|
|
|
+ type: string
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, requests.cpu and requests.memory)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ emptyDir:
|
|
|
+ description: 'emptyDir represents a temporary directory
|
|
|
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
|
+ properties:
|
|
|
+ medium:
|
|
|
+ description: 'medium represents what type of storage
|
|
|
+ medium should back this directory. The default is
|
|
|
+ "" which means to use the node''s default medium.
|
|
|
+ Must be an empty string (default) or Memory. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
|
+ type: string
|
|
|
+ sizeLimit:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: 'sizeLimit is the total amount of local
|
|
|
+ storage required for this EmptyDir volume. The size
|
|
|
+ limit is also applicable for memory medium. The maximum
|
|
|
+ usage on memory medium EmptyDir would be the minimum
|
|
|
+ value between the SizeLimit specified here and the
|
|
|
+ sum of memory limits of all containers in a pod. The
|
|
|
+ default is nil which means that the limit is undefined.
|
|
|
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ type: object
|
|
|
+ ephemeral:
|
|
|
+ description: "ephemeral represents a volume that is handled
|
|
|
+ by a cluster storage driver. The volume's lifecycle is
|
|
|
+ tied to the pod that defines it - it will be created before
|
|
|
+ the pod starts, and deleted when the pod is removed. \n
|
|
|
+ Use this if: a) the volume is only needed while the pod
|
|
|
+ runs, b) features of normal volumes like restoring from
|
|
|
+ snapshot or capacity tracking are needed, c) the storage
|
|
|
+ driver is specified through a storage class, and d) the
|
|
|
+ storage driver supports dynamic volume provisioning through
|
|
|
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
|
|
|
+ more information on the connection between this volume
|
|
|
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
|
|
|
+ or one of the vendor-specific APIs for volumes that persist
|
|
|
+ for longer than the lifecycle of an individual pod. \n
|
|
|
+ Use CSI for light-weight local ephemeral volumes if the
|
|
|
+ CSI driver is meant to be used that way - see the documentation
|
|
|
+ of the driver for more information. \n A pod can use both
|
|
|
+ types of ephemeral volumes and persistent volumes at the
|
|
|
+ same time."
|
|
|
+ properties:
|
|
|
+ volumeClaimTemplate:
|
|
|
+ description: "Will be used to create a stand-alone PVC
|
|
|
+ to provision the volume. The pod in which this EphemeralVolumeSource
|
|
|
+ is embedded will be the owner of the PVC, i.e. the
|
|
|
+ PVC will be deleted together with the pod. The name
|
|
|
+ of the PVC will be `<pod name>-<volume name>` where
|
|
|
+ `<volume name>` is the name from the `PodSpec.Volumes`
|
|
|
+ array entry. Pod validation will reject the pod if
|
|
|
+ the concatenated name is not valid for a PVC (for
|
|
|
+ example, too long). \n An existing PVC with that name
|
|
|
+ that is not owned by the pod will *not* be used for
|
|
|
+ the pod to avoid using an unrelated volume by mistake.
|
|
|
+ Starting the pod is then blocked until the unrelated
|
|
|
+ PVC is removed. If such a pre-created PVC is meant
|
|
|
+ to be used by the pod, the PVC has to updated with
|
|
|
+ an owner reference to the pod once the pod exists.
|
|
|
+ Normally this should not be necessary, but it may
|
|
|
+ be useful when manually reconstructing a broken cluster.
|
|
|
+ \n This field is read-only and no changes will be
|
|
|
+ made by Kubernetes to the PVC after it has been created.
|
|
|
+ \n Required, must not be nil."
|
|
|
+ properties:
|
|
|
+ metadata:
|
|
|
+ description: May contain labels and annotations
|
|
|
+ that will be copied into the PVC when creating
|
|
|
+ it. No other fields are allowed and will be rejected
|
|
|
+ during validation.
|
|
|
+ type: object
|
|
|
+ spec:
|
|
|
+ description: The specification for the PersistentVolumeClaim.
|
|
|
+ The entire content is copied unchanged into the
|
|
|
+ PVC that gets created from this template. The
|
|
|
+ same fields as in a PersistentVolumeClaim are
|
|
|
+ also valid here.
|
|
|
+ properties:
|
|
|
+ accessModes:
|
|
|
+ description: 'accessModes contains the desired
|
|
|
+ access modes the volume should have. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ dataSource:
|
|
|
+ description: 'dataSource field can be used to
|
|
|
+ specify either: * An existing VolumeSnapshot
|
|
|
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
|
|
|
+ * An existing PVC (PersistentVolumeClaim)
|
|
|
+ If the provisioner or an external controller
|
|
|
+ can support the specified data source, it
|
|
|
+ will create a new volume based on the contents
|
|
|
+ of the specified data source. If the AnyVolumeDataSource
|
|
|
+ feature gate is enabled, this field will always
|
|
|
+ have the same contents as the DataSourceRef
|
|
|
+ field.'
|
|
|
+ properties:
|
|
|
+ apiGroup:
|
|
|
+ description: APIGroup is the group for the
|
|
|
+ resource being referenced. If APIGroup
|
|
|
+ is not specified, the specified Kind must
|
|
|
+ be in the core API group. For any other
|
|
|
+ third-party types, APIGroup is required.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: Kind is the type of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: Name is the name of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - kind
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ dataSourceRef:
|
|
|
+ description: 'dataSourceRef specifies the object
|
|
|
+ from which to populate the volume with data,
|
|
|
+ if a non-empty volume is desired. This may
|
|
|
+ be any local object from a non-empty API group
|
|
|
+ (non core object) or a PersistentVolumeClaim
|
|
|
+ object. When this field is specified, volume
|
|
|
+ binding will only succeed if the type of the
|
|
|
+ specified object matches some installed volume
|
|
|
+ populator or dynamic provisioner. This field
|
|
|
+ will replace the functionality of the DataSource
|
|
|
+ field and as such if both fields are non-empty,
|
|
|
+ they must have the same value. For backwards
|
|
|
+ compatibility, both fields (DataSource and
|
|
|
+ DataSourceRef) will be set to the same value
|
|
|
+ automatically if one of them is empty and
|
|
|
+ the other is non-empty. There are two important
|
|
|
+ differences between DataSource and DataSourceRef:
|
|
|
+ * While DataSource only allows two specific
|
|
|
+ types of objects, DataSourceRef allows any
|
|
|
+ non-core object, as well as PersistentVolumeClaim
|
|
|
+ objects. * While DataSource ignores disallowed
|
|
|
+ values (dropping them), DataSourceRef preserves
|
|
|
+ all values, and generates an error if a disallowed
|
|
|
+ value is specified. (Beta) Using this field
|
|
|
+ requires the AnyVolumeDataSource feature gate
|
|
|
+ to be enabled.'
|
|
|
+ properties:
|
|
|
+ apiGroup:
|
|
|
+ description: APIGroup is the group for the
|
|
|
+ resource being referenced. If APIGroup
|
|
|
+ is not specified, the specified Kind must
|
|
|
+ be in the core API group. For any other
|
|
|
+ third-party types, APIGroup is required.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: Kind is the type of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: Name is the name of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - kind
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resources:
|
|
|
+ description: 'resources represents the minimum
|
|
|
+ resources the volume should have. If RecoverVolumeExpansionFailure
|
|
|
+ feature is enabled users are allowed to specify
|
|
|
+ resource requirements that are lower than
|
|
|
+ previous value but must still be higher than
|
|
|
+ capacity recorded in the status field of the
|
|
|
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum
|
|
|
+ amount of compute resources allowed. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum
|
|
|
+ amount of compute resources required.
|
|
|
+ If Requests is omitted for a container,
|
|
|
+ it defaults to Limits if that is explicitly
|
|
|
+ specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ selector:
|
|
|
+ description: selector is a label query over
|
|
|
+ volumes to consider for binding.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ storageClassName:
|
|
|
+ description: 'storageClassName is the name of
|
|
|
+ the StorageClass required by the claim. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
|
|
|
+ type: string
|
|
|
+ volumeMode:
|
|
|
+ description: volumeMode defines what type of
|
|
|
+ volume is required by the claim. Value of
|
|
|
+ Filesystem is implied when not included in
|
|
|
+ claim spec.
|
|
|
+ type: string
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the binding reference
|
|
|
+ to the PersistentVolume backing this claim.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - spec
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ fc:
|
|
|
+ description: fc represents a Fibre Channel resource that
|
|
|
+ is attached to a kubelet's host machine and then exposed
|
|
|
+ to the pod.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified. TODO: how do we prevent
|
|
|
+ errors in the filesystem from compromising the machine'
|
|
|
+ type: string
|
|
|
+ lun:
|
|
|
+ description: 'lun is Optional: FC target lun number'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: Defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts.'
|
|
|
+ type: boolean
|
|
|
+ targetWWNs:
|
|
|
+ description: 'targetWWNs is Optional: FC target worldwide
|
|
|
+ names (WWNs)'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ wwids:
|
|
|
+ description: 'wwids Optional: FC volume world wide identifiers
|
|
|
+ (wwids) Either wwids or combination of targetWWNs
|
|
|
+ and lun must be set, but not both simultaneously.'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ flexVolume:
|
|
|
+ description: flexVolume represents a generic volume resource
|
|
|
+ that is provisioned/attached using an exec based plugin.
|
|
|
+ properties:
|
|
|
+ driver:
|
|
|
+ description: driver is the name of the driver to use
|
|
|
+ for this volume.
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". The default filesystem
|
|
|
+ depends on FlexVolume script.
|
|
|
+ type: string
|
|
|
+ options:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: 'options is Optional: this field holds
|
|
|
+ extra command options if any.'
|
|
|
+ type: object
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts.'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is Optional: secretRef is reference
|
|
|
+ to the secret object containing sensitive information
|
|
|
+ to pass to the plugin scripts. This may be empty if
|
|
|
+ no secret object is specified. If the secret object
|
|
|
+ contains more than one secret, all secrets are passed
|
|
|
+ to the plugin scripts.'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - driver
|
|
|
+ type: object
|
|
|
+ flocker:
|
|
|
+ description: flocker represents a Flocker volume attached
|
|
|
+ to a kubelet's host machine. This depends on the Flocker
|
|
|
+ control service being running
|
|
|
+ properties:
|
|
|
+ datasetName:
|
|
|
+ description: datasetName is Name of the dataset stored
|
|
|
+ as metadata -> name on the dataset for Flocker should
|
|
|
+ be considered as deprecated
|
|
|
+ type: string
|
|
|
+ datasetUUID:
|
|
|
+ description: datasetUUID is the UUID of the dataset.
|
|
|
+ This is unique identifier of a Flocker dataset
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ gcePersistentDisk:
|
|
|
+ description: 'gcePersistentDisk represents a GCE Disk resource
|
|
|
+ that is attached to a kubelet''s host machine and then
|
|
|
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ partition:
|
|
|
+ description: 'partition is the partition in the volume
|
|
|
+ that you want to mount. If omitted, the default is
|
|
|
+ to mount by volume name. Examples: For volume /dev/sda1,
|
|
|
+ you specify the partition as "1". Similarly, the volume
|
|
|
+ partition for /dev/sda is "0" (or you can leave the
|
|
|
+ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ pdName:
|
|
|
+ description: 'pdName is unique name of the PD resource
|
|
|
+ in GCE. Used to identify the disk in GCE. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. Defaults to false. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - pdName
|
|
|
+ type: object
|
|
|
+ gitRepo:
|
|
|
+ description: 'gitRepo represents a git repository at a particular
|
|
|
+ revision. DEPRECATED: GitRepo is deprecated. To provision
|
|
|
+ a container with a git repo, mount an EmptyDir into an
|
|
|
+ InitContainer that clones the repo using git, then mount
|
|
|
+ the EmptyDir into the Pod''s container.'
|
|
|
+ properties:
|
|
|
+ directory:
|
|
|
+ description: directory is the target directory name.
|
|
|
+ Must not contain or start with '..'. If '.' is supplied,
|
|
|
+ the volume directory will be the git repository. Otherwise,
|
|
|
+ if specified, the volume will contain the git repository
|
|
|
+ in the subdirectory with the given name.
|
|
|
+ type: string
|
|
|
+ repository:
|
|
|
+ description: repository is the URL
|
|
|
+ type: string
|
|
|
+ revision:
|
|
|
+ description: revision is the commit hash for the specified
|
|
|
+ revision.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - repository
|
|
|
+ type: object
|
|
|
+ glusterfs:
|
|
|
+ description: 'glusterfs represents a Glusterfs mount on
|
|
|
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
|
|
|
+ properties:
|
|
|
+ endpoints:
|
|
|
+ description: 'endpoints is the endpoint name that details
|
|
|
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: string
|
|
|
+ path:
|
|
|
+ description: 'path is the Glusterfs volume path. More
|
|
|
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the Glusterfs
|
|
|
+ volume to be mounted with read-only permissions. Defaults
|
|
|
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - endpoints
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ hostPath:
|
|
|
+ description: 'hostPath represents a pre-existing file or
|
|
|
+ directory on the host machine that is directly exposed
|
|
|
+ to the container. This is generally used for system agents
|
|
|
+ or other privileged things that are allowed to see the
|
|
|
+ host machine. Most containers will NOT need this. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
|
|
|
+ --- TODO(jonesdl) We need to restrict who can use host
|
|
|
+ directory mounts and who can/can not mount host directories
|
|
|
+ as read/write.'
|
|
|
+ properties:
|
|
|
+ path:
|
|
|
+ description: 'path of the directory on the host. If
|
|
|
+ the path is a symlink, it will follow the link to
|
|
|
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: 'type for HostPath Volume Defaults to ""
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ iscsi:
|
|
|
+ description: 'iscsi represents an ISCSI Disk resource that
|
|
|
+ is attached to a kubelet''s host machine and then exposed
|
|
|
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
|
|
|
+ properties:
|
|
|
+ chapAuthDiscovery:
|
|
|
+ description: chapAuthDiscovery defines whether support
|
|
|
+ iSCSI Discovery CHAP authentication
|
|
|
+ type: boolean
|
|
|
+ chapAuthSession:
|
|
|
+ description: chapAuthSession defines whether support
|
|
|
+ iSCSI Session CHAP authentication
|
|
|
+ type: boolean
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ initiatorName:
|
|
|
+ description: initiatorName is the custom iSCSI Initiator
|
|
|
+ Name. If initiatorName is specified with iscsiInterface
|
|
|
+ simultaneously, new iSCSI interface <target portal>:<volume
|
|
|
+ name> will be created for the connection.
|
|
|
+ type: string
|
|
|
+ iqn:
|
|
|
+ description: iqn is the target iSCSI Qualified Name.
|
|
|
+ type: string
|
|
|
+ iscsiInterface:
|
|
|
+ description: iscsiInterface is the interface Name that
|
|
|
+ uses an iSCSI transport. Defaults to 'default' (tcp).
|
|
|
+ type: string
|
|
|
+ lun:
|
|
|
+ description: lun represents iSCSI Target Lun number.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ portals:
|
|
|
+ description: portals is the iSCSI Target Portal List.
|
|
|
+ The portal is either an IP or ip_addr:port if the
|
|
|
+ port is other than default (typically TCP ports 860
|
|
|
+ and 3260).
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ readOnly:
|
|
|
+ description: readOnly here will force the ReadOnly setting
|
|
|
+ in VolumeMounts. Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef is the CHAP Secret for iSCSI
|
|
|
+ target and initiator authentication
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ targetPortal:
|
|
|
+ description: targetPortal is iSCSI Target Portal. The
|
|
|
+ Portal is either an IP or ip_addr:port if the port
|
|
|
+ is other than default (typically TCP ports 860 and
|
|
|
+ 3260).
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - iqn
|
|
|
+ - lun
|
|
|
+ - targetPortal
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: 'name of the volume. Must be a DNS_LABEL and
|
|
|
+ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
|
|
+ type: string
|
|
|
+ nfs:
|
|
|
+ description: 'nfs represents an NFS mount on the host that
|
|
|
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ properties:
|
|
|
+ path:
|
|
|
+ description: 'path that is exported by the NFS server.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the NFS export
|
|
|
+ to be mounted with read-only permissions. Defaults
|
|
|
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: boolean
|
|
|
+ server:
|
|
|
+ description: 'server is the hostname or IP address of
|
|
|
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ - server
|
|
|
+ type: object
|
|
|
+ persistentVolumeClaim:
|
|
|
+ description: 'persistentVolumeClaimVolumeSource represents
|
|
|
+ a reference to a PersistentVolumeClaim in the same namespace.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
|
+ properties:
|
|
|
+ claimName:
|
|
|
+ description: 'claimName is the name of a PersistentVolumeClaim
|
|
|
+ in the same namespace as the pod using this volume.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Will force the ReadOnly setting
|
|
|
+ in VolumeMounts. Default false.
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - claimName
|
|
|
+ type: object
|
|
|
+ photonPersistentDisk:
|
|
|
+ description: photonPersistentDisk represents a PhotonController
|
|
|
+ persistent disk attached and mounted on kubelets host
|
|
|
+ machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ pdID:
|
|
|
+ description: pdID is the ID that identifies Photon Controller
|
|
|
+ persistent disk
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - pdID
|
|
|
+ type: object
|
|
|
+ portworxVolume:
|
|
|
+ description: portworxVolume represents a portworx volume
|
|
|
+ attached and mounted on kubelets host machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fSType represents the filesystem type to
|
|
|
+ mount Must be a filesystem type supported by the host
|
|
|
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ volumeID:
|
|
|
+ description: volumeID uniquely identifies a Portworx
|
|
|
+ volume
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ projected:
|
|
|
+ description: projected items for all in one resources secrets,
|
|
|
+ configmaps, and downward API
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: defaultMode are the mode bits used to set
|
|
|
+ permissions on created files by default. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal value
|
|
|
+ between 0 and 511. YAML accepts both octal and decimal
|
|
|
+ values, JSON requires decimal values for mode bits.
|
|
|
+ Directories within the path are not affected by this
|
|
|
+ setting. This might be in conflict with other options
|
|
|
+ that affect the file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ sources:
|
|
|
+ description: sources is the list of volume projections
|
|
|
+ items:
|
|
|
+ description: Projection that may be projected along
|
|
|
+ with other supported volume types
|
|
|
+ properties:
|
|
|
+ configMap:
|
|
|
+ description: configMap information about the configMap
|
|
|
+ data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value
|
|
|
+ pair in the Data field of the referenced
|
|
|
+ ConfigMap will be projected into the volume
|
|
|
+ as a file whose name is the key and content
|
|
|
+ is the value. If specified, the listed keys
|
|
|
+ will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If
|
|
|
+ a key is specified which is not present
|
|
|
+ in the ConfigMap, the volume setup will
|
|
|
+ error unless it is marked optional. Paths
|
|
|
+ must be relative and may not contain the
|
|
|
+ '..' path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path
|
|
|
+ within a volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode
|
|
|
+ bits used to set permissions on this
|
|
|
+ file. Must be an octal value between
|
|
|
+ 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires
|
|
|
+ decimal values for mode bits. If not
|
|
|
+ specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict
|
|
|
+ with other options that affect the
|
|
|
+ file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path
|
|
|
+ of the file to map the key to. May
|
|
|
+ not be an absolute path. May not contain
|
|
|
+ the path element '..'. May not start
|
|
|
+ with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional specify whether the
|
|
|
+ ConfigMap or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ downwardAPI:
|
|
|
+ description: downwardAPI information about the
|
|
|
+ downwardAPI data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: Items is a list of DownwardAPIVolume
|
|
|
+ file
|
|
|
+ items:
|
|
|
+ description: DownwardAPIVolumeFile represents
|
|
|
+ information to create the file containing
|
|
|
+ the pod field
|
|
|
+ properties:
|
|
|
+ fieldRef:
|
|
|
+ description: 'Required: Selects a field
|
|
|
+ of the pod: only annotations, labels,
|
|
|
+ name and namespace are supported.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema
|
|
|
+ the FieldPath is written in terms
|
|
|
+ of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to
|
|
|
+ select in the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ mode:
|
|
|
+ description: 'Optional: mode bits used
|
|
|
+ to set permissions on this file, must
|
|
|
+ be an octal value between 0000 and
|
|
|
+ 0777 or a decimal value between 0
|
|
|
+ and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal
|
|
|
+ values for mode bits. If not specified,
|
|
|
+ the volume defaultMode will be used.
|
|
|
+ This might be in conflict with other
|
|
|
+ options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be
|
|
|
+ other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: 'Required: Path is the
|
|
|
+ relative path name of the file to
|
|
|
+ be created. Must not be absolute or
|
|
|
+ contain the ''..'' path. Must be utf-8
|
|
|
+ encoded. The first item of the relative
|
|
|
+ path must not start with ''..'''
|
|
|
+ type: string
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of
|
|
|
+ the container: only resources limits
|
|
|
+ and requests (limits.cpu, limits.memory,
|
|
|
+ requests.cpu and requests.memory)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required
|
|
|
+ for volumes, optional for env
|
|
|
+ vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output
|
|
|
+ format of the exposed resources,
|
|
|
+ defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource
|
|
|
+ to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ secret:
|
|
|
+ description: secret information about the secret
|
|
|
+ data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value
|
|
|
+ pair in the Data field of the referenced
|
|
|
+ Secret will be projected into the volume
|
|
|
+ as a file whose name is the key and content
|
|
|
+ is the value. If specified, the listed keys
|
|
|
+ will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If
|
|
|
+ a key is specified which is not present
|
|
|
+ in the Secret, the volume setup will error
|
|
|
+ unless it is marked optional. Paths must
|
|
|
+ be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path
|
|
|
+ within a volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode
|
|
|
+ bits used to set permissions on this
|
|
|
+ file. Must be an octal value between
|
|
|
+ 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires
|
|
|
+ decimal values for mode bits. If not
|
|
|
+ specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict
|
|
|
+ with other options that affect the
|
|
|
+ file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path
|
|
|
+ of the file to map the key to. May
|
|
|
+ not be an absolute path. May not contain
|
|
|
+ the path element '..'. May not start
|
|
|
+ with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional field specify whether
|
|
|
+ the Secret or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ serviceAccountToken:
|
|
|
+ description: serviceAccountToken is information
|
|
|
+ about the serviceAccountToken data to project
|
|
|
+ properties:
|
|
|
+ audience:
|
|
|
+ description: audience is the intended audience
|
|
|
+ of the token. A recipient of a token must
|
|
|
+ identify itself with an identifier specified
|
|
|
+ in the audience of the token, and otherwise
|
|
|
+ should reject the token. The audience defaults
|
|
|
+ to the identifier of the apiserver.
|
|
|
+ type: string
|
|
|
+ expirationSeconds:
|
|
|
+ description: expirationSeconds is the requested
|
|
|
+ duration of validity of the service account
|
|
|
+ token. As the token approaches expiration,
|
|
|
+ the kubelet volume plugin will proactively
|
|
|
+ rotate the service account token. The kubelet
|
|
|
+ will start trying to rotate the token if
|
|
|
+ the token is older than 80 percent of its
|
|
|
+ time to live or if the token is older than
|
|
|
+ 24 hours.Defaults to 1 hour and must be
|
|
|
+ at least 10 minutes.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the path relative to
|
|
|
+ the mount point of the file to project the
|
|
|
+ token into.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ quobyte:
|
|
|
+ description: quobyte represents a Quobyte mount on the host
|
|
|
+ that shares a pod's lifetime
|
|
|
+ properties:
|
|
|
+ group:
|
|
|
+ description: group to map volume access to Default is
|
|
|
+ no group
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly here will force the Quobyte volume
|
|
|
+ to be mounted with read-only permissions. Defaults
|
|
|
+ to false.
|
|
|
+ type: boolean
|
|
|
+ registry:
|
|
|
+ description: registry represents a single or multiple
|
|
|
+ Quobyte Registry services specified as a string as
|
|
|
+ host:port pair (multiple entries are separated with
|
|
|
+ commas) which acts as the central registry for volumes
|
|
|
+ type: string
|
|
|
+ tenant:
|
|
|
+ description: tenant owning the given Quobyte volume
|
|
|
+ in the Backend Used with dynamically provisioned Quobyte
|
|
|
+ volumes, value is set by the plugin
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: user to map volume access to Defaults to
|
|
|
+ serivceaccount user
|
|
|
+ type: string
|
|
|
+ volume:
|
|
|
+ description: volume is a string that references an already
|
|
|
+ created Quobyte volume by name.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - registry
|
|
|
+ - volume
|
|
|
+ type: object
|
|
|
+ rbd:
|
|
|
+ description: 'rbd represents a Rados Block Device mount
|
|
|
+ on the host that shares a pod''s lifetime. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ image:
|
|
|
+ description: 'image is the rados image name. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ keyring:
|
|
|
+ description: 'keyring is the path to key ring for RBDUser.
|
|
|
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ monitors:
|
|
|
+ description: 'monitors is a collection of Ceph monitors.
|
|
|
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ pool:
|
|
|
+ description: 'pool is the rados pool name. Default is
|
|
|
+ rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. Defaults to false. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is name of the authentication
|
|
|
+ secret for RBDUser. If provided overrides keyring.
|
|
|
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ user:
|
|
|
+ description: 'user is the rados user name. Default is
|
|
|
+ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - image
|
|
|
+ - monitors
|
|
|
+ type: object
|
|
|
+ scaleIO:
|
|
|
+ description: scaleIO represents a ScaleIO persistent volume
|
|
|
+ attached and mounted on Kubernetes nodes.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
|
|
|
+ type: string
|
|
|
+ gateway:
|
|
|
+ description: gateway is the host address of the ScaleIO
|
|
|
+ API Gateway.
|
|
|
+ type: string
|
|
|
+ protectionDomain:
|
|
|
+ description: protectionDomain is the name of the ScaleIO
|
|
|
+ Protection Domain for the configured storage.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef references to the secret for
|
|
|
+ ScaleIO user and other sensitive information. If this
|
|
|
+ is not provided, Login operation will fail.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ sslEnabled:
|
|
|
+ description: sslEnabled Flag enable/disable SSL communication
|
|
|
+ with Gateway, default false
|
|
|
+ type: boolean
|
|
|
+ storageMode:
|
|
|
+ description: storageMode indicates whether the storage
|
|
|
+ for a volume should be ThickProvisioned or ThinProvisioned.
|
|
|
+ Default is ThinProvisioned.
|
|
|
+ type: string
|
|
|
+ storagePool:
|
|
|
+ description: storagePool is the ScaleIO Storage Pool
|
|
|
+ associated with the protection domain.
|
|
|
+ type: string
|
|
|
+ system:
|
|
|
+ description: system is the name of the storage system
|
|
|
+ as configured in ScaleIO.
|
|
|
+ type: string
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the name of a volume already
|
|
|
+ created in the ScaleIO system that is associated with
|
|
|
+ this volume source.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - gateway
|
|
|
+ - secretRef
|
|
|
+ - system
|
|
|
+ type: object
|
|
|
+ secret:
|
|
|
+ description: 'secret represents a secret that should populate
|
|
|
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'defaultMode is Optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: items If unspecified, each key-value pair
|
|
|
+ in the Data field of the referenced Secret will be
|
|
|
+ projected into the volume as a file whose name is
|
|
|
+ the key and content is the value. If specified, the
|
|
|
+ listed keys will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If a key is
|
|
|
+ specified which is not present in the Secret, the
|
|
|
+ volume setup will error unless it is marked optional.
|
|
|
+ Paths must be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path within a
|
|
|
+ volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode bits used
|
|
|
+ to set permissions on this file. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires decimal values
|
|
|
+ for mode bits. If not specified, the volume
|
|
|
+ defaultMode will be used. This might be in conflict
|
|
|
+ with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode
|
|
|
+ bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path of the
|
|
|
+ file to map the key to. May not be an absolute
|
|
|
+ path. May not contain the path element '..'.
|
|
|
+ May not start with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ optional:
|
|
|
+ description: optional field specify whether the Secret
|
|
|
+ or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ secretName:
|
|
|
+ description: 'secretName is the name of the secret in
|
|
|
+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ storageos:
|
|
|
+ description: storageOS represents a StorageOS volume attached
|
|
|
+ and mounted on Kubernetes nodes.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef specifies the secret to use for
|
|
|
+ obtaining the StorageOS API credentials. If not specified,
|
|
|
+ default values will be attempted.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the human-readable name of
|
|
|
+ the StorageOS volume. Volume names are only unique
|
|
|
+ within a namespace.
|
|
|
+ type: string
|
|
|
+ volumeNamespace:
|
|
|
+ description: volumeNamespace specifies the scope of
|
|
|
+ the volume within StorageOS. If no namespace is specified
|
|
|
+ then the Pod's namespace will be used. This allows
|
|
|
+ the Kubernetes name scoping to be mirrored within
|
|
|
+ StorageOS for tighter integration. Set VolumeName
|
|
|
+ to any name to override the default behaviour. Set
|
|
|
+ to "default" if you are not using namespaces within
|
|
|
+ StorageOS. Namespaces that do not pre-exist within
|
|
|
+ StorageOS will be created.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ vsphereVolume:
|
|
|
+ description: vsphereVolume represents a vSphere volume attached
|
|
|
+ and mounted on kubelets host machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is filesystem type to mount. Must
|
|
|
+ be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ storagePolicyID:
|
|
|
+ description: storagePolicyID is the storage Policy Based
|
|
|
+ Management (SPBM) profile ID associated with the StoragePolicyName.
|
|
|
+ type: string
|
|
|
+ storagePolicyName:
|
|
|
+ description: storagePolicyName is the storage Policy
|
|
|
+ Based Management (SPBM) profile name.
|
|
|
+ type: string
|
|
|
+ volumePath:
|
|
|
+ description: volumePath is the path that identifies
|
|
|
+ vSphere volume vmdk
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumePath
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - containers
|
|
|
+ type: object
|
|
|
+ greenSpec:
|
|
|
+ description: Pod Spec for a Green Service
|
|
|
+ properties:
|
|
|
+ activeDeadlineSeconds:
|
|
|
+ description: Optional duration in seconds the pod may be active
|
|
|
+ on the node relative to StartTime before the system will actively
|
|
|
+ try to mark it failed and kill associated containers. Value
|
|
|
+ must be a positive integer.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ affinity:
|
|
|
+ description: If specified, the pod's scheduling constraints
|
|
|
+ properties:
|
|
|
+ nodeAffinity:
|
|
|
+ description: Describes node affinity scheduling rules for
|
|
|
+ the pod.
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the affinity expressions specified
|
|
|
+ by this field, but it may choose a node that violates
|
|
|
+ one or more of the expressions. The node that is most
|
|
|
+ preferred is the one with the greatest sum of weights,
|
|
|
+ i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node matches the corresponding matchExpressions;
|
|
|
+ the node(s) with the highest sum are the most preferred.
|
|
|
+ items:
|
|
|
+ description: An empty preferred scheduling term matches
|
|
|
+ all objects with implicit weight 0 (i.e. it's a no-op).
|
|
|
+ A null preferred scheduling term matches no objects
|
|
|
+ (i.e. is also a no-op).
|
|
|
+ properties:
|
|
|
+ preference:
|
|
|
+ description: A node selector term, associated with
|
|
|
+ the corresponding weight.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's labels.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchFields:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's fields.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ weight:
|
|
|
+ description: Weight associated with matching the
|
|
|
+ corresponding nodeSelectorTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - preference
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the affinity requirements specified by
|
|
|
+ this field are not met at scheduling time, the pod will
|
|
|
+ not be scheduled onto the node. If the affinity requirements
|
|
|
+ specified by this field cease to be met at some point
|
|
|
+ during pod execution (e.g. due to an update), the system
|
|
|
+ may or may not try to eventually evict the pod from
|
|
|
+ its node.
|
|
|
+ properties:
|
|
|
+ nodeSelectorTerms:
|
|
|
+ description: Required. A list of node selector terms.
|
|
|
+ The terms are ORed.
|
|
|
+ items:
|
|
|
+ description: A null or empty node selector term
|
|
|
+ matches no objects. The requirements of them are
|
|
|
+ ANDed. The TopologySelectorTerm type implements
|
|
|
+ a subset of the NodeSelectorTerm.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's labels.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchFields:
|
|
|
+ description: A list of node selector requirements
|
|
|
+ by node's fields.
|
|
|
+ items:
|
|
|
+ description: A node selector requirement is
|
|
|
+ a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Represents a key's relationship
|
|
|
+ to a set of values. Valid operators
|
|
|
+ are In, NotIn, Exists, DoesNotExist.
|
|
|
+ Gt, and Lt.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: An array of string values.
|
|
|
+ If the operator is In or NotIn, the
|
|
|
+ values array must be non-empty. If the
|
|
|
+ operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. If the
|
|
|
+ operator is Gt or Lt, the values array
|
|
|
+ must have a single element, which will
|
|
|
+ be interpreted as an integer. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - nodeSelectorTerms
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ podAffinity:
|
|
|
+ description: Describes pod affinity scheduling rules (e.g.
|
|
|
+ co-locate this pod in the same node, zone, etc. as some
|
|
|
+ other pod(s)).
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the affinity expressions specified
|
|
|
+ by this field, but it may choose a node that violates
|
|
|
+ one or more of the expressions. The node that is most
|
|
|
+ preferred is the one with the greatest sum of weights,
|
|
|
+ i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node has pods which matches the corresponding
|
|
|
+ podAffinityTerm; the node(s) with the highest sum are
|
|
|
+ the most preferred.
|
|
|
+ items:
|
|
|
+ description: The weights of all of the matched WeightedPodAffinityTerm
|
|
|
+ fields are added per-node to find the most preferred
|
|
|
+ node(s)
|
|
|
+ properties:
|
|
|
+ podAffinityTerm:
|
|
|
+ description: Required. A pod affinity term, associated
|
|
|
+ with the corresponding weight.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by
|
|
|
+ this field and the ones listed in the namespaces
|
|
|
+ field. null selector and null or empty namespaces
|
|
|
+ list means "this pod's namespace". An empty
|
|
|
+ selector ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to.
|
|
|
+ The term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected
|
|
|
+ by namespaceSelector. null or empty namespaces
|
|
|
+ list and null namespaceSelector means "this
|
|
|
+ pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the
|
|
|
+ pods matching the labelSelector in the specified
|
|
|
+ namespaces, where co-located is defined as
|
|
|
+ running on a node whose value of the label
|
|
|
+ with key topologyKey matches that of any node
|
|
|
+ on which any of the selected pods is running.
|
|
|
+ Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ weight:
|
|
|
+ description: weight associated with matching the
|
|
|
+ corresponding podAffinityTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - podAffinityTerm
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the affinity requirements specified by
|
|
|
+ this field are not met at scheduling time, the pod will
|
|
|
+ not be scheduled onto the node. If the affinity requirements
|
|
|
+ specified by this field cease to be met at some point
|
|
|
+ during pod execution (e.g. due to a pod label update),
|
|
|
+ the system may or may not try to eventually evict the
|
|
|
+ pod from its node. When there are multiple elements,
|
|
|
+ the lists of nodes corresponding to each podAffinityTerm
|
|
|
+ are intersected, i.e. all terms must be satisfied.
|
|
|
+ items:
|
|
|
+ description: Defines a set of pods (namely those matching
|
|
|
+ the labelSelector relative to the given namespace(s))
|
|
|
+ that this pod should be co-located (affinity) or not
|
|
|
+ co-located (anti-affinity) with, where co-located
|
|
|
+ is defined as running on a node whose value of the
|
|
|
+ label with key <topologyKey> matches that of any node
|
|
|
+ on which a pod of the set of pods is running
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by this
|
|
|
+ field and the ones listed in the namespaces field.
|
|
|
+ null selector and null or empty namespaces list
|
|
|
+ means "this pod's namespace". An empty selector
|
|
|
+ ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to. The
|
|
|
+ term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected by
|
|
|
+ namespaceSelector. null or empty namespaces list
|
|
|
+ and null namespaceSelector means "this pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the pods
|
|
|
+ matching the labelSelector in the specified namespaces,
|
|
|
+ where co-located is defined as running on a node
|
|
|
+ whose value of the label with key topologyKey
|
|
|
+ matches that of any node on which any of the selected
|
|
|
+ pods is running. Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ podAntiAffinity:
|
|
|
+ description: Describes pod anti-affinity scheduling rules
|
|
|
+ (e.g. avoid putting this pod in the same node, zone, etc.
|
|
|
+ as some other pod(s)).
|
|
|
+ properties:
|
|
|
+ preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: The scheduler will prefer to schedule pods
|
|
|
+ to nodes that satisfy the anti-affinity expressions
|
|
|
+ specified by this field, but it may choose a node that
|
|
|
+ violates one or more of the expressions. The node that
|
|
|
+ is most preferred is the one with the greatest sum of
|
|
|
+ weights, i.e. for each node that meets all of the scheduling
|
|
|
+ requirements (resource request, requiredDuringScheduling
|
|
|
+ anti-affinity expressions, etc.), compute a sum by iterating
|
|
|
+ through the elements of this field and adding "weight"
|
|
|
+ to the sum if the node has pods which matches the corresponding
|
|
|
+ podAffinityTerm; the node(s) with the highest sum are
|
|
|
+ the most preferred.
|
|
|
+ items:
|
|
|
+ description: The weights of all of the matched WeightedPodAffinityTerm
|
|
|
+ fields are added per-node to find the most preferred
|
|
|
+ node(s)
|
|
|
+ properties:
|
|
|
+ podAffinityTerm:
|
|
|
+ description: Required. A pod affinity term, associated
|
|
|
+ with the corresponding weight.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by
|
|
|
+ this field and the ones listed in the namespaces
|
|
|
+ field. null selector and null or empty namespaces
|
|
|
+ list means "this pod's namespace". An empty
|
|
|
+ selector ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to.
|
|
|
+ The term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected
|
|
|
+ by namespaceSelector. null or empty namespaces
|
|
|
+ list and null namespaceSelector means "this
|
|
|
+ pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the
|
|
|
+ pods matching the labelSelector in the specified
|
|
|
+ namespaces, where co-located is defined as
|
|
|
+ running on a node whose value of the label
|
|
|
+ with key topologyKey matches that of any node
|
|
|
+ on which any of the selected pods is running.
|
|
|
+ Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ weight:
|
|
|
+ description: weight associated with matching the
|
|
|
+ corresponding podAffinityTerm, in the range 1-100.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ required:
|
|
|
+ - podAffinityTerm
|
|
|
+ - weight
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
+ description: If the anti-affinity requirements specified
|
|
|
+ by this field are not met at scheduling time, the pod
|
|
|
+ will not be scheduled onto the node. If the anti-affinity
|
|
|
+ requirements specified by this field cease to be met
|
|
|
+ at some point during pod execution (e.g. due to a pod
|
|
|
+ label update), the system may or may not try to eventually
|
|
|
+ evict the pod from its node. When there are multiple
|
|
|
+ elements, the lists of nodes corresponding to each podAffinityTerm
|
|
|
+ are intersected, i.e. all terms must be satisfied.
|
|
|
+ items:
|
|
|
+ description: Defines a set of pods (namely those matching
|
|
|
+ the labelSelector relative to the given namespace(s))
|
|
|
+ that this pod should be co-located (affinity) or not
|
|
|
+ co-located (anti-affinity) with, where co-located
|
|
|
+ is defined as running on a node whose value of the
|
|
|
+ label with key <topologyKey> matches that of any node
|
|
|
+ on which a pod of the set of pods is running
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: A label query over a set of resources,
|
|
|
+ in this case pods.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaceSelector:
|
|
|
+ description: A label query over the set of namespaces
|
|
|
+ that the term applies to. The term is applied
|
|
|
+ to the union of the namespaces selected by this
|
|
|
+ field and the ones listed in the namespaces field.
|
|
|
+ null selector and null or empty namespaces list
|
|
|
+ means "this pod's namespace". An empty selector
|
|
|
+ ({}) matches all namespaces.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label
|
|
|
+ selector requirements. The requirements are
|
|
|
+ ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values, a key,
|
|
|
+ and an operator that relates the key and
|
|
|
+ values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that
|
|
|
+ the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's
|
|
|
+ relationship to a set of values. Valid
|
|
|
+ operators are In, NotIn, Exists and
|
|
|
+ DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string
|
|
|
+ values. If the operator is In or NotIn,
|
|
|
+ the values array must be non-empty.
|
|
|
+ If the operator is Exists or DoesNotExist,
|
|
|
+ the values array must be empty. This
|
|
|
+ array is replaced during a strategic
|
|
|
+ merge patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator is
|
|
|
+ "In", and the values array contains only "value".
|
|
|
+ The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ namespaces:
|
|
|
+ description: namespaces specifies a static list
|
|
|
+ of namespace names that the term applies to. The
|
|
|
+ term is applied to the union of the namespaces
|
|
|
+ listed in this field and the ones selected by
|
|
|
+ namespaceSelector. null or empty namespaces list
|
|
|
+ and null namespaceSelector means "this pod's namespace".
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ topologyKey:
|
|
|
+ description: This pod should be co-located (affinity)
|
|
|
+ or not co-located (anti-affinity) with the pods
|
|
|
+ matching the labelSelector in the specified namespaces,
|
|
|
+ where co-located is defined as running on a node
|
|
|
+ whose value of the label with key topologyKey
|
|
|
+ matches that of any node on which any of the selected
|
|
|
+ pods is running. Empty topologyKey is not allowed.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - topologyKey
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ automountServiceAccountToken:
|
|
|
+ description: AutomountServiceAccountToken indicates whether a
|
|
|
+ service account token should be automatically mounted.
|
|
|
+ type: boolean
|
|
|
+ containers:
|
|
|
+ description: List of containers belonging to the pod. Containers
|
|
|
+ cannot currently be added or removed. There must be at least
|
|
|
+ one container in a Pod. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: A single application container that you want to
|
|
|
+ run within a pod.
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The container
|
|
|
+ image''s CMD is used if this is not provided. Variable
|
|
|
+ references $(VAR_NAME) are expanded using the container''s
|
|
|
+ environment. If a variable cannot be resolved, the reference
|
|
|
+ in the input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The container image''s ENTRYPOINT is used if this is not
|
|
|
+ provided. Variable references $(VAR_NAME) are expanded
|
|
|
+ using the container''s environment. If a variable cannot
|
|
|
+ be resolved, the reference in the input string will be
|
|
|
+ unchanged. Double $$ are reduced to a single $, which
|
|
|
+ allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of whether
|
|
|
+ the variable exists or not. Cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
|
|
|
+ This field is optional to allow higher level config management
|
|
|
+ to default or override container images in workload controllers
|
|
|
+ like Deployments and StatefulSets.'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Actions that the management system should take
|
|
|
+ in response to container lifecycle events. Cannot be updated.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: 'Periodic probe of container liveness. Container
|
|
|
+ will be restarted if the probe fails. Cannot be updated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the container specified as a DNS_LABEL.
|
|
|
+ Each container in a pod must have a unique name (DNS_LABEL).
|
|
|
+ Cannot be updated.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: List of ports to expose from the container.
|
|
|
+ Exposing a port here gives the system additional information
|
|
|
+ about the network connections a container uses, but is
|
|
|
+ primarily informational. Not specifying a port here DOES
|
|
|
+ NOT prevent that port from being exposed. Any port which
|
|
|
+ is listening on the default "0.0.0.0" address inside a
|
|
|
+ container will be accessible from the network. Cannot
|
|
|
+ be updated.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: 'Periodic probe of container service readiness.
|
|
|
+ Container will be removed from service endpoints if the
|
|
|
+ probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: 'Compute Resources required by this container.
|
|
|
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext defines the security options
|
|
|
+ the container should be run with. If set, the fields of
|
|
|
+ SecurityContext override the equivalent fields of PodSecurityContext.
|
|
|
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: 'StartupProbe indicates that the Pod has successfully
|
|
|
+ initialized. If specified, no other probes are executed
|
|
|
+ until this completes successfully. If this probe fails,
|
|
|
+ the Pod will be restarted, just as if the livenessProbe
|
|
|
+ failed. This can be used to provide different probe parameters
|
|
|
+ at the beginning of a Pod''s lifecycle, when it might
|
|
|
+ take a long time to load data or warm a cache, than during
|
|
|
+ steady-state operation. This cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ dnsConfig:
|
|
|
+ description: Specifies the DNS parameters of a pod. Parameters
|
|
|
+ specified here will be merged to the generated DNS configuration
|
|
|
+ based on DNSPolicy.
|
|
|
+ properties:
|
|
|
+ nameservers:
|
|
|
+ description: A list of DNS name server IP addresses. This
|
|
|
+ will be appended to the base nameservers generated from
|
|
|
+ DNSPolicy. Duplicated nameservers will be removed.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ options:
|
|
|
+ description: A list of DNS resolver options. This will be
|
|
|
+ merged with the base options generated from DNSPolicy. Duplicated
|
|
|
+ entries will be removed. Resolution options given in Options
|
|
|
+ will override those that appear in the base DNSPolicy.
|
|
|
+ items:
|
|
|
+ description: PodDNSConfigOption defines DNS resolver options
|
|
|
+ of a pod.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Required.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ searches:
|
|
|
+ description: A list of DNS search domains for host-name lookup.
|
|
|
+ This will be appended to the base search paths generated
|
|
|
+ from DNSPolicy. Duplicated search paths will be removed.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ dnsPolicy:
|
|
|
+ description: Set DNS policy for the pod. Defaults to "ClusterFirst".
|
|
|
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
|
|
|
+ 'Default' or 'None'. DNS parameters given in DNSConfig will
|
|
|
+ be merged with the policy selected with DNSPolicy. To have DNS
|
|
|
+ options set along with hostNetwork, you have to specify DNS
|
|
|
+ policy explicitly to 'ClusterFirstWithHostNet'.
|
|
|
+ type: string
|
|
|
+ enableServiceLinks:
|
|
|
+ description: 'EnableServiceLinks indicates whether information
|
|
|
+ about services should be injected into pod''s environment variables,
|
|
|
+ matching the syntax of Docker links. Optional: Defaults to true.'
|
|
|
+ type: boolean
|
|
|
+ ephemeralContainers:
|
|
|
+ description: List of ephemeral containers run in this pod. Ephemeral
|
|
|
+ containers may be run in an existing pod to perform user-initiated
|
|
|
+ actions such as debugging. This list cannot be specified when
|
|
|
+ creating a pod, and it cannot be modified by updating the pod
|
|
|
+ spec. In order to add an ephemeral container to an existing
|
|
|
+ pod, use the pod's ephemeralcontainers subresource. This field
|
|
|
+ is beta-level and available on clusters that haven't disabled
|
|
|
+ the EphemeralContainers feature gate.
|
|
|
+ items:
|
|
|
+ description: "An EphemeralContainer is a temporary container
|
|
|
+ that you may add to an existing Pod for user-initiated activities
|
|
|
+ such as debugging. Ephemeral containers have no resource or
|
|
|
+ scheduling guarantees, and they will not be restarted when
|
|
|
+ they exit or when a Pod is removed or restarted. The kubelet
|
|
|
+ may evict a Pod if an ephemeral container causes the Pod to
|
|
|
+ exceed its resource allocation. \n To add an ephemeral container,
|
|
|
+ use the ephemeralcontainers subresource of an existing Pod.
|
|
|
+ Ephemeral containers may not be removed or restarted. \n This
|
|
|
+ is a beta feature available on clusters that haven't disabled
|
|
|
+ the EphemeralContainers feature gate."
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The image''s
|
|
|
+ CMD is used if this is not provided. Variable references
|
|
|
+ $(VAR_NAME) are expanded using the container''s environment.
|
|
|
+ If a variable cannot be resolved, the reference in the
|
|
|
+ input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The image''s ENTRYPOINT is used if this is not provided.
|
|
|
+ Variable references $(VAR_NAME) are expanded using the
|
|
|
+ container''s environment. If a variable cannot be resolved,
|
|
|
+ the reference in the input string will be unchanged. Double
|
|
|
+ $$ are reduced to a single $, which allows for escaping
|
|
|
+ the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
|
|
|
+ the string literal "$(VAR_NAME)". Escaped references will
|
|
|
+ never be expanded, regardless of whether the variable
|
|
|
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Lifecycle is not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the ephemeral container specified as
|
|
|
+ a DNS_LABEL. This name must be unique among all containers,
|
|
|
+ init containers and ephemeral containers.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: Ports are not allowed for ephemeral containers.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: Resources are not allowed for ephemeral containers.
|
|
|
+ Ephemeral containers use spare resources already allocated
|
|
|
+ to the pod.
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'Optional: SecurityContext defines the security
|
|
|
+ options the ephemeral container should be run with. If
|
|
|
+ set, the fields of SecurityContext override the equivalent
|
|
|
+ fields of PodSecurityContext.'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: Probes are not allowed for ephemeral containers.
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ targetContainerName:
|
|
|
+ description: "If set, the name of the container from PodSpec
|
|
|
+ that this ephemeral container targets. The ephemeral container
|
|
|
+ will be run in the namespaces (IPC, PID, etc) of this
|
|
|
+ container. If not set then the ephemeral container uses
|
|
|
+ the namespaces configured in the Pod spec. \n The container
|
|
|
+ runtime must implement support for this feature. If the
|
|
|
+ runtime does not support namespace targeting then the
|
|
|
+ result of setting this field is undefined."
|
|
|
+ type: string
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Subpath mounts are not allowed for ephemeral containers.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ hostAliases:
|
|
|
+ description: HostAliases is an optional list of hosts and IPs
|
|
|
+ that will be injected into the pod's hosts file if specified.
|
|
|
+ This is only valid for non-hostNetwork pods.
|
|
|
+ items:
|
|
|
+ description: HostAlias holds the mapping between IP and hostnames
|
|
|
+ that will be injected as an entry in the pod's hosts file.
|
|
|
+ properties:
|
|
|
+ hostnames:
|
|
|
+ description: Hostnames for the above IP address.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ ip:
|
|
|
+ description: IP address of the host file entry.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ hostIPC:
|
|
|
+ description: 'Use the host''s ipc namespace. Optional: Default
|
|
|
+ to false.'
|
|
|
+ type: boolean
|
|
|
+ hostNetwork:
|
|
|
+ description: Host networking requested for this pod. Use the host's
|
|
|
+ network namespace. If this option is set, the ports that will
|
|
|
+ be used must be specified. Default to false.
|
|
|
+ type: boolean
|
|
|
+ hostPID:
|
|
|
+ description: 'Use the host''s pid namespace. Optional: Default
|
|
|
+ to false.'
|
|
|
+ type: boolean
|
|
|
+ hostname:
|
|
|
+ description: Specifies the hostname of the Pod If not specified,
|
|
|
+ the pod's hostname will be set to a system-defined value.
|
|
|
+ type: string
|
|
|
+ imagePullSecrets:
|
|
|
+ description: 'ImagePullSecrets is an optional list of references
|
|
|
+ to secrets in the same namespace to use for pulling any of the
|
|
|
+ images used by this PodSpec. If specified, these secrets will
|
|
|
+ be passed to individual puller implementations for them to use.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
|
|
|
+ items:
|
|
|
+ description: LocalObjectReference contains enough information
|
|
|
+ to let you locate the referenced object inside the same namespace.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: array
|
|
|
+ initContainers:
|
|
|
+ description: 'List of initialization containers belonging to the
|
|
|
+ pod. Init containers are executed in order prior to containers
|
|
|
+ being started. If any init container fails, the pod is considered
|
|
|
+ to have failed and is handled according to its restartPolicy.
|
|
|
+ The name for an init container or normal container must be unique
|
|
|
+ among all containers. Init containers may not have Lifecycle
|
|
|
+ actions, Readiness probes, Liveness probes, or Startup probes.
|
|
|
+ The resourceRequirements of an init container are taken into
|
|
|
+ account during scheduling by finding the highest request/limit
|
|
|
+ for each resource type, and then using the max of of that value
|
|
|
+ or the sum of the normal containers. Limits are applied to init
|
|
|
+ containers in a similar fashion. Init containers cannot currently
|
|
|
+ be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
|
|
|
+ items:
|
|
|
+ description: A single application container that you want to
|
|
|
+ run within a pod.
|
|
|
+ properties:
|
|
|
+ args:
|
|
|
+ description: 'Arguments to the entrypoint. The container
|
|
|
+ image''s CMD is used if this is not provided. Variable
|
|
|
+ references $(VAR_NAME) are expanded using the container''s
|
|
|
+ environment. If a variable cannot be resolved, the reference
|
|
|
+ in the input string will be unchanged. Double $$ are reduced
|
|
|
+ to a single $, which allows for escaping the $(VAR_NAME)
|
|
|
+ syntax: i.e. "$$(VAR_NAME)" will produce the string literal
|
|
|
+ "$(VAR_NAME)". Escaped references will never be expanded,
|
|
|
+ regardless of whether the variable exists or not. Cannot
|
|
|
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ command:
|
|
|
+ description: 'Entrypoint array. Not executed within a shell.
|
|
|
+ The container image''s ENTRYPOINT is used if this is not
|
|
|
+ provided. Variable references $(VAR_NAME) are expanded
|
|
|
+ using the container''s environment. If a variable cannot
|
|
|
+ be resolved, the reference in the input string will be
|
|
|
+ unchanged. Double $$ are reduced to a single $, which
|
|
|
+ allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of whether
|
|
|
+ the variable exists or not. Cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ env:
|
|
|
+ description: List of environment variables to set in the
|
|
|
+ container. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvVar represents an environment variable
|
|
|
+ present in a Container.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of the environment variable. Must
|
|
|
+ be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: 'Variable references $(VAR_NAME) are
|
|
|
+ expanded using the previously defined environment
|
|
|
+ variables in the container and any service environment
|
|
|
+ variables. If a variable cannot be resolved, the
|
|
|
+ reference in the input string will be unchanged.
|
|
|
+ Double $$ are reduced to a single $, which allows
|
|
|
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
|
|
|
+ will produce the string literal "$(VAR_NAME)". Escaped
|
|
|
+ references will never be expanded, regardless of
|
|
|
+ whether the variable exists or not. Defaults to
|
|
|
+ "".'
|
|
|
+ type: string
|
|
|
+ valueFrom:
|
|
|
+ description: Source for the environment variable's
|
|
|
+ value. Cannot be used if value is not empty.
|
|
|
+ properties:
|
|
|
+ configMapKeyRef:
|
|
|
+ description: Selects a key of a ConfigMap.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key to select.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap
|
|
|
+ or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ fieldRef:
|
|
|
+ description: 'Selects a field of the pod: supports
|
|
|
+ metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
|
|
|
+ `metadata.annotations[''<KEY>'']`, spec.nodeName,
|
|
|
+ spec.serviceAccountName, status.hostIP, status.podIP,
|
|
|
+ status.podIPs.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, limits.ephemeral-storage, requests.cpu,
|
|
|
+ requests.memory and requests.ephemeral-storage)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ secretKeyRef:
|
|
|
+ description: Selects a key of a secret in the
|
|
|
+ pod's namespace
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: The key of the secret to select
|
|
|
+ from. Must be a valid secret key.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret or
|
|
|
+ its key must be defined
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ envFrom:
|
|
|
+ description: List of sources to populate environment variables
|
|
|
+ in the container. The keys defined within a source must
|
|
|
+ be a C_IDENTIFIER. All invalid keys will be reported as
|
|
|
+ an event when the container is starting. When a key exists
|
|
|
+ in multiple sources, the value associated with the last
|
|
|
+ source will take precedence. Values defined by an Env
|
|
|
+ with a duplicate key will take precedence. Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: EnvFromSource represents the source of a
|
|
|
+ set of ConfigMaps
|
|
|
+ properties:
|
|
|
+ configMapRef:
|
|
|
+ description: The ConfigMap to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the ConfigMap must
|
|
|
+ be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ prefix:
|
|
|
+ description: An optional identifier to prepend to
|
|
|
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: The Secret to select from
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: Specify whether the Secret must be
|
|
|
+ defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ image:
|
|
|
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
|
|
|
+ This field is optional to allow higher level config management
|
|
|
+ to default or override container images in workload controllers
|
|
|
+ like Deployments and StatefulSets.'
|
|
|
+ type: string
|
|
|
+ imagePullPolicy:
|
|
|
+ description: 'Image pull policy. One of Always, Never, IfNotPresent.
|
|
|
+ Defaults to Always if :latest tag is specified, or IfNotPresent
|
|
|
+ otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
|
|
|
+ type: string
|
|
|
+ lifecycle:
|
|
|
+ description: Actions that the management system should take
|
|
|
+ in response to container lifecycle events. Cannot be updated.
|
|
|
+ properties:
|
|
|
+ postStart:
|
|
|
+ description: 'PostStart is called immediately after
|
|
|
+ a container is created. If the handler fails, the
|
|
|
+ container is terminated and restarted according to
|
|
|
+ its restart policy. Other management of the container
|
|
|
+ blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ preStop:
|
|
|
+ description: 'PreStop is called immediately before a
|
|
|
+ container is terminated due to an API request or management
|
|
|
+ event such as liveness/startup probe failure, preemption,
|
|
|
+ resource contention, etc. The handler is not called
|
|
|
+ if the container crashes or exits. The Pod''s termination
|
|
|
+ grace period countdown begins before the PreStop hook
|
|
|
+ is executed. Regardless of the outcome of the handler,
|
|
|
+ the container will eventually terminate within the
|
|
|
+ Pod''s termination grace period (unless delayed by
|
|
|
+ finalizers). Other management of the container blocks
|
|
|
+ until the hook completes or until the termination
|
|
|
+ grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to
|
|
|
+ execute inside the container, the working
|
|
|
+ directory for the command is root ('/') in
|
|
|
+ the container's filesystem. The command is
|
|
|
+ simply exec'd, it is not run inside a shell,
|
|
|
+ so traditional shell instructions ('|', etc)
|
|
|
+ won't work. To use a shell, you need to explicitly
|
|
|
+ call out to that shell. Exit status of 0 is
|
|
|
+ treated as live/healthy and non-zero is unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request
|
|
|
+ to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults
|
|
|
+ to the pod IP. You probably want to set "Host"
|
|
|
+ in httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom
|
|
|
+ header to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to
|
|
|
+ the host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ tcpSocket:
|
|
|
+ description: Deprecated. TCPSocket is NOT supported
|
|
|
+ as a LifecycleHandler and kept for the backward
|
|
|
+ compatibility. There are no validation of this
|
|
|
+ field and lifecycle hooks will fail in runtime
|
|
|
+ when tcp handler is specified.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect
|
|
|
+ to, defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ livenessProbe:
|
|
|
+ description: 'Periodic probe of container liveness. Container
|
|
|
+ will be restarted if the probe fails. Cannot be updated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: Name of the container specified as a DNS_LABEL.
|
|
|
+ Each container in a pod must have a unique name (DNS_LABEL).
|
|
|
+ Cannot be updated.
|
|
|
+ type: string
|
|
|
+ ports:
|
|
|
+ description: List of ports to expose from the container.
|
|
|
+ Exposing a port here gives the system additional information
|
|
|
+ about the network connections a container uses, but is
|
|
|
+ primarily informational. Not specifying a port here DOES
|
|
|
+ NOT prevent that port from being exposed. Any port which
|
|
|
+ is listening on the default "0.0.0.0" address inside a
|
|
|
+ container will be accessible from the network. Cannot
|
|
|
+ be updated.
|
|
|
+ items:
|
|
|
+ description: ContainerPort represents a network port in
|
|
|
+ a single container.
|
|
|
+ properties:
|
|
|
+ containerPort:
|
|
|
+ description: Number of port to expose on the pod's
|
|
|
+ IP address. This must be a valid port number, 0
|
|
|
+ < x < 65536.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ hostIP:
|
|
|
+ description: What host IP to bind the external port
|
|
|
+ to.
|
|
|
+ type: string
|
|
|
+ hostPort:
|
|
|
+ description: Number of port to expose on the host.
|
|
|
+ If specified, this must be a valid port number,
|
|
|
+ 0 < x < 65536. If HostNetwork is specified, this
|
|
|
+ must match ContainerPort. Most containers do not
|
|
|
+ need this.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ name:
|
|
|
+ description: If specified, this must be an IANA_SVC_NAME
|
|
|
+ and unique within the pod. Each named port in a
|
|
|
+ pod must have a unique name. Name for the port that
|
|
|
+ can be referred to by services.
|
|
|
+ type: string
|
|
|
+ protocol:
|
|
|
+ default: TCP
|
|
|
+ description: Protocol for port. Must be UDP, TCP,
|
|
|
+ or SCTP. Defaults to "TCP".
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - containerPort
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - containerPort
|
|
|
+ - protocol
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ readinessProbe:
|
|
|
+ description: 'Periodic probe of container service readiness.
|
|
|
+ Container will be removed from service endpoints if the
|
|
|
+ probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ resources:
|
|
|
+ description: 'Compute Resources required by this container.
|
|
|
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum amount of
|
|
|
+ compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum amount
|
|
|
+ of compute resources required. If Requests is omitted
|
|
|
+ for a container, it defaults to Limits if that is
|
|
|
+ explicitly specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext defines the security options
|
|
|
+ the container should be run with. If set, the fields of
|
|
|
+ SecurityContext override the equivalent fields of PodSecurityContext.
|
|
|
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
|
|
|
+ properties:
|
|
|
+ allowPrivilegeEscalation:
|
|
|
+ description: 'AllowPrivilegeEscalation controls whether
|
|
|
+ a process can gain more privileges than its parent
|
|
|
+ process. This bool directly controls if the no_new_privs
|
|
|
+ flag will be set on the container process. AllowPrivilegeEscalation
|
|
|
+ is true always when the container is: 1) run as Privileged
|
|
|
+ 2) has CAP_SYS_ADMIN Note that this field cannot be
|
|
|
+ set when spec.os.name is windows.'
|
|
|
+ type: boolean
|
|
|
+ capabilities:
|
|
|
+ description: The capabilities to add/drop when running
|
|
|
+ containers. Defaults to the default set of capabilities
|
|
|
+ granted by the container runtime. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ add:
|
|
|
+ description: Added capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ drop:
|
|
|
+ description: Removed capabilities
|
|
|
+ items:
|
|
|
+ description: Capability represent POSIX capabilities
|
|
|
+ type
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ privileged:
|
|
|
+ description: Run container in privileged mode. Processes
|
|
|
+ in privileged containers are essentially equivalent
|
|
|
+ to root on the host. Defaults to false. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ procMount:
|
|
|
+ description: procMount denotes the type of proc mount
|
|
|
+ to use for the containers. The default is DefaultProcMount
|
|
|
+ which uses the container runtime defaults for readonly
|
|
|
+ paths and masked paths. This requires the ProcMountType
|
|
|
+ feature flag to be enabled. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ type: string
|
|
|
+ readOnlyRootFilesystem:
|
|
|
+ description: Whether this container has a read-only
|
|
|
+ root filesystem. Default is false. Note that this
|
|
|
+ field cannot be set when spec.os.name is windows.
|
|
|
+ type: boolean
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be
|
|
|
+ set in PodSecurityContext. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as
|
|
|
+ a non-root user. If true, the Kubelet will validate
|
|
|
+ the image at runtime to ensure that it does not run
|
|
|
+ as UID 0 (root) and fail to start the container if
|
|
|
+ it does. If unset or false, no such validation will
|
|
|
+ be performed. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata
|
|
|
+ if unspecified. May also be set in PodSecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to the
|
|
|
+ container. If unspecified, the container runtime will
|
|
|
+ allocate a random SELinux context for each container. May
|
|
|
+ also be set in PodSecurityContext. If set in both
|
|
|
+ SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence. Note
|
|
|
+ that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by this container.
|
|
|
+ If seccomp options are provided at both the pod &
|
|
|
+ container level, the container options override the
|
|
|
+ pod options. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile
|
|
|
+ defined in a file on the node should be used.
|
|
|
+ The profile must be preconfigured on the node
|
|
|
+ to work. Must be a descending path, relative to
|
|
|
+ the kubelet's configured seccomp profile location.
|
|
|
+ Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp
|
|
|
+ profile will be applied. Valid options are: \n
|
|
|
+ Localhost - a profile defined in a file on the
|
|
|
+ node should be used. RuntimeDefault - the container
|
|
|
+ runtime default profile should be used. Unconfined
|
|
|
+ - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to
|
|
|
+ all containers. If unspecified, the options from the
|
|
|
+ PodSecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set
|
|
|
+ when spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA
|
|
|
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec
|
|
|
+ named by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name
|
|
|
+ of the GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container
|
|
|
+ should be run as a 'Host Process' container. This
|
|
|
+ field is alpha-level and will only be honored
|
|
|
+ by components that enable the WindowsHostProcessContainers
|
|
|
+ feature flag. Setting this field without the feature
|
|
|
+ flag will result in errors when validating the
|
|
|
+ Pod. All of a Pod's containers must have the same
|
|
|
+ effective HostProcess value (it is not allowed
|
|
|
+ to have a mix of HostProcess containers and non-HostProcess
|
|
|
+ containers). In addition, if HostProcess is true
|
|
|
+ then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the
|
|
|
+ entrypoint of the container process. Defaults
|
|
|
+ to the user specified in image metadata if unspecified.
|
|
|
+ May also be set in PodSecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ startupProbe:
|
|
|
+ description: 'StartupProbe indicates that the Pod has successfully
|
|
|
+ initialized. If specified, no other probes are executed
|
|
|
+ until this completes successfully. If this probe fails,
|
|
|
+ the Pod will be restarted, just as if the livenessProbe
|
|
|
+ failed. This can be used to provide different probe parameters
|
|
|
+ at the beginning of a Pod''s lifecycle, when it might
|
|
|
+ take a long time to load data or warm a cache, than during
|
|
|
+ steady-state operation. This cannot be updated. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ properties:
|
|
|
+ exec:
|
|
|
+ description: Exec specifies the action to take.
|
|
|
+ properties:
|
|
|
+ command:
|
|
|
+ description: Command is the command line to execute
|
|
|
+ inside the container, the working directory for
|
|
|
+ the command is root ('/') in the container's
|
|
|
+ filesystem. The command is simply exec'd, it is
|
|
|
+ not run inside a shell, so traditional shell instructions
|
|
|
+ ('|', etc) won't work. To use a shell, you need
|
|
|
+ to explicitly call out to that shell. Exit status
|
|
|
+ of 0 is treated as live/healthy and non-zero is
|
|
|
+ unhealthy.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ failureThreshold:
|
|
|
+ description: Minimum consecutive failures for the probe
|
|
|
+ to be considered failed after having succeeded. Defaults
|
|
|
+ to 3. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ grpc:
|
|
|
+ description: GRPC specifies an action involving a GRPC
|
|
|
+ port. This is a beta field and requires enabling GRPCContainerProbe
|
|
|
+ feature gate.
|
|
|
+ properties:
|
|
|
+ port:
|
|
|
+ description: Port number of the gRPC service. Number
|
|
|
+ must be in the range 1 to 65535.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ service:
|
|
|
+ description: "Service is the name of the service
|
|
|
+ to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
|
|
|
+ \n If this is not specified, the default behavior
|
|
|
+ is defined by gRPC."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ httpGet:
|
|
|
+ description: HTTPGet specifies the http request to perform.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: Host name to connect to, defaults to
|
|
|
+ the pod IP. You probably want to set "Host" in
|
|
|
+ httpHeaders instead.
|
|
|
+ type: string
|
|
|
+ httpHeaders:
|
|
|
+ description: Custom headers to set in the request.
|
|
|
+ HTTP allows repeated headers.
|
|
|
+ items:
|
|
|
+ description: HTTPHeader describes a custom header
|
|
|
+ to be used in HTTP probes
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: The header field name
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: The header field value
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: Path to access on the HTTP server.
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Name or number of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ scheme:
|
|
|
+ description: Scheme to use for connecting to the
|
|
|
+ host. Defaults to HTTP.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ initialDelaySeconds:
|
|
|
+ description: 'Number of seconds after the container
|
|
|
+ has started before liveness probes are initiated.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ periodSeconds:
|
|
|
+ description: How often (in seconds) to perform the probe.
|
|
|
+ Default to 10 seconds. Minimum value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ successThreshold:
|
|
|
+ description: Minimum consecutive successes for the probe
|
|
|
+ to be considered successful after having failed. Defaults
|
|
|
+ to 1. Must be 1 for liveness and startup. Minimum
|
|
|
+ value is 1.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ tcpSocket:
|
|
|
+ description: TCPSocket specifies an action involving
|
|
|
+ a TCP port.
|
|
|
+ properties:
|
|
|
+ host:
|
|
|
+ description: 'Optional: Host name to connect to,
|
|
|
+ defaults to the pod IP.'
|
|
|
+ type: string
|
|
|
+ port:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Number or name of the port to access
|
|
|
+ on the container. Number must be in the range
|
|
|
+ 1 to 65535. Name must be an IANA_SVC_NAME.
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ required:
|
|
|
+ - port
|
|
|
+ type: object
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs
|
|
|
+ to terminate gracefully upon probe failure. The grace
|
|
|
+ period is the duration in seconds after the processes
|
|
|
+ running in the pod are sent a termination signal and
|
|
|
+ the time when the processes are forcibly halted with
|
|
|
+ a kill signal. Set this value longer than the expected
|
|
|
+ cleanup time for your process. If this value is nil,
|
|
|
+ the pod's terminationGracePeriodSeconds will be used.
|
|
|
+ Otherwise, this value overrides the value provided
|
|
|
+ by the pod spec. Value must be non-negative integer.
|
|
|
+ The value zero indicates stop immediately via the
|
|
|
+ kill signal (no opportunity to shut down). This is
|
|
|
+ a beta field and requires enabling ProbeTerminationGracePeriod
|
|
|
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
|
|
|
+ is used if unset.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ timeoutSeconds:
|
|
|
+ description: 'Number of seconds after which the probe
|
|
|
+ times out. Defaults to 1 second. Minimum value is
|
|
|
+ 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ type: object
|
|
|
+ stdin:
|
|
|
+ description: Whether this container should allocate a buffer
|
|
|
+ for stdin in the container runtime. If this is not set,
|
|
|
+ reads from stdin in the container will always result in
|
|
|
+ EOF. Default is false.
|
|
|
+ type: boolean
|
|
|
+ stdinOnce:
|
|
|
+ description: Whether the container runtime should close
|
|
|
+ the stdin channel after it has been opened by a single
|
|
|
+ attach. When stdin is true the stdin stream will remain
|
|
|
+ open across multiple attach sessions. If stdinOnce is
|
|
|
+ set to true, stdin is opened on container start, is empty
|
|
|
+ until the first client attaches to stdin, and then remains
|
|
|
+ open and accepts data until the client disconnects, at
|
|
|
+ which time stdin is closed and remains closed until the
|
|
|
+ container is restarted. If this flag is false, a container
|
|
|
+ processes that reads from stdin will never receive an
|
|
|
+ EOF. Default is false
|
|
|
+ type: boolean
|
|
|
+ terminationMessagePath:
|
|
|
+ description: 'Optional: Path at which the file to which
|
|
|
+ the container''s termination message will be written is
|
|
|
+ mounted into the container''s filesystem. Message written
|
|
|
+ is intended to be brief final status, such as an assertion
|
|
|
+ failure message. Will be truncated by the node if greater
|
|
|
+ than 4096 bytes. The total message length across all containers
|
|
|
+ will be limited to 12kb. Defaults to /dev/termination-log.
|
|
|
+ Cannot be updated.'
|
|
|
+ type: string
|
|
|
+ terminationMessagePolicy:
|
|
|
+ description: Indicate how the termination message should
|
|
|
+ be populated. File will use the contents of terminationMessagePath
|
|
|
+ to populate the container status message on both success
|
|
|
+ and failure. FallbackToLogsOnError will use the last chunk
|
|
|
+ of container log output if the termination message file
|
|
|
+ is empty and the container exited with an error. The log
|
|
|
+ output is limited to 2048 bytes or 80 lines, whichever
|
|
|
+ is smaller. Defaults to File. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ tty:
|
|
|
+ description: Whether this container should allocate a TTY
|
|
|
+ for itself, also requires 'stdin' to be true. Default
|
|
|
+ is false.
|
|
|
+ type: boolean
|
|
|
+ volumeDevices:
|
|
|
+ description: volumeDevices is the list of block devices
|
|
|
+ to be used by the container.
|
|
|
+ items:
|
|
|
+ description: volumeDevice describes a mapping of a raw
|
|
|
+ block device within a container.
|
|
|
+ properties:
|
|
|
+ devicePath:
|
|
|
+ description: devicePath is the path inside of the
|
|
|
+ container that the device will be mapped to.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: name must match the name of a persistentVolumeClaim
|
|
|
+ in the pod
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - devicePath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ volumeMounts:
|
|
|
+ description: Pod volumes to mount into the container's filesystem.
|
|
|
+ Cannot be updated.
|
|
|
+ items:
|
|
|
+ description: VolumeMount describes a mounting of a Volume
|
|
|
+ within a container.
|
|
|
+ properties:
|
|
|
+ mountPath:
|
|
|
+ description: Path within the container at which the
|
|
|
+ volume should be mounted. Must not contain ':'.
|
|
|
+ type: string
|
|
|
+ mountPropagation:
|
|
|
+ description: mountPropagation determines how mounts
|
|
|
+ are propagated from the host to container and the
|
|
|
+ other way around. When not set, MountPropagationNone
|
|
|
+ is used. This field is beta in 1.10.
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: This must match the Name of a Volume.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: Mounted read-only if true, read-write
|
|
|
+ otherwise (false or unspecified). Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ subPath:
|
|
|
+ description: Path within the volume from which the
|
|
|
+ container's volume should be mounted. Defaults to
|
|
|
+ "" (volume's root).
|
|
|
+ type: string
|
|
|
+ subPathExpr:
|
|
|
+ description: Expanded path within the volume from
|
|
|
+ which the container's volume should be mounted.
|
|
|
+ Behaves similarly to SubPath but environment variable
|
|
|
+ references $(VAR_NAME) are expanded using the container's
|
|
|
+ environment. Defaults to "" (volume's root). SubPathExpr
|
|
|
+ and SubPath are mutually exclusive.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - mountPath
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ workingDir:
|
|
|
+ description: Container's working directory. If not specified,
|
|
|
+ the container runtime's default will be used, which might
|
|
|
+ be configured in the container image. Cannot be updated.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ nodeName:
|
|
|
+ description: NodeName is a request to schedule this pod onto a
|
|
|
+ specific node. If it is non-empty, the scheduler simply schedules
|
|
|
+ this pod onto that node, assuming that it fits resource requirements.
|
|
|
+ type: string
|
|
|
+ nodeSelector:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: 'NodeSelector is a selector which must be true for
|
|
|
+ the pod to fit on a node. Selector which must match a node''s
|
|
|
+ labels for the pod to be scheduled on that node. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ os:
|
|
|
+ description: "Specifies the OS of the containers in the pod. Some
|
|
|
+ pod and container fields are restricted if this is set. \n If
|
|
|
+ the OS field is set to linux, the following fields must be unset:
|
|
|
+ -securityContext.windowsOptions \n If the OS field is set to
|
|
|
+ windows, following fields must be unset: - spec.hostPID - spec.hostIPC
|
|
|
+ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
|
|
|
+ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
|
|
|
+ - spec.securityContext.sysctls - spec.shareProcessNamespace
|
|
|
+ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
|
|
|
+ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
|
|
|
+ - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
|
|
|
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
|
|
|
+ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
|
|
|
+ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
|
|
|
+ - spec.containers[*].securityContext.runAsGroup This is a beta
|
|
|
+ field and requires the IdentifyPodOS feature"
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name is the name of the operating system. The
|
|
|
+ currently supported values are linux and windows. Additional
|
|
|
+ value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
|
|
|
+ Clients should expect to handle additional values and treat
|
|
|
+ unrecognized values in this field as os: null'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ overhead:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Overhead represents the resource overhead associated
|
|
|
+ with running a pod for a given RuntimeClass. This field will
|
|
|
+ be autopopulated at admission time by the RuntimeClass admission
|
|
|
+ controller. If the RuntimeClass admission controller is enabled,
|
|
|
+ overhead must not be set in Pod create requests. The RuntimeClass
|
|
|
+ admission controller will reject Pod create requests which have
|
|
|
+ the overhead already set. If RuntimeClass is configured and
|
|
|
+ selected in the PodSpec, Overhead will be set to the value defined
|
|
|
+ in the corresponding RuntimeClass, otherwise it will remain
|
|
|
+ unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
|
|
|
+ type: object
|
|
|
+ preemptionPolicy:
|
|
|
+ description: PreemptionPolicy is the Policy for preempting pods
|
|
|
+ with lower priority. One of Never, PreemptLowerPriority. Defaults
|
|
|
+ to PreemptLowerPriority if unset.
|
|
|
+ type: string
|
|
|
+ priority:
|
|
|
+ description: The priority value. Various system components use
|
|
|
+ this field to find the priority of the pod. When Priority Admission
|
|
|
+ Controller is enabled, it prevents users from setting this field.
|
|
|
+ The admission controller populates this field from PriorityClassName.
|
|
|
+ The higher the value, the higher the priority.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ priorityClassName:
|
|
|
+ description: If specified, indicates the pod's priority. "system-node-critical"
|
|
|
+ and "system-cluster-critical" are two special keywords which
|
|
|
+ indicate the highest priorities with the former being the highest
|
|
|
+ priority. Any other name must be defined by creating a PriorityClass
|
|
|
+ object with that name. If not specified, the pod priority will
|
|
|
+ be default or zero if there is no default.
|
|
|
+ type: string
|
|
|
+ readinessGates:
|
|
|
+ description: 'If specified, all readiness gates will be evaluated
|
|
|
+ for pod readiness. A pod is ready when all its containers are
|
|
|
+ ready AND all conditions specified in the readiness gates have
|
|
|
+ status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
|
|
|
+ items:
|
|
|
+ description: PodReadinessGate contains the reference to a pod
|
|
|
+ condition
|
|
|
+ properties:
|
|
|
+ conditionType:
|
|
|
+ description: ConditionType refers to a condition in the
|
|
|
+ pod's condition list with matching type.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - conditionType
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ restartPolicy:
|
|
|
+ description: 'Restart policy for all containers within the pod.
|
|
|
+ One of Always, OnFailure, Never. Default to Always. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
|
|
|
+ type: string
|
|
|
+ runtimeClassName:
|
|
|
+ description: 'RuntimeClassName refers to a RuntimeClass object
|
|
|
+ in the node.k8s.io group, which should be used to run this pod. If
|
|
|
+ no RuntimeClass resource matches the named class, the pod will
|
|
|
+ not be run. If unset or empty, the "legacy" RuntimeClass will
|
|
|
+ be used, which is an implicit class with an empty definition
|
|
|
+ that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
|
|
|
+ type: string
|
|
|
+ schedulerName:
|
|
|
+ description: If specified, the pod will be dispatched by specified
|
|
|
+ scheduler. If not specified, the pod will be dispatched by default
|
|
|
+ scheduler.
|
|
|
+ type: string
|
|
|
+ securityContext:
|
|
|
+ description: 'SecurityContext holds pod-level security attributes
|
|
|
+ and common container settings. Optional: Defaults to empty. See
|
|
|
+ type description for default values of each field.'
|
|
|
+ properties:
|
|
|
+ fsGroup:
|
|
|
+ description: "A special supplemental group that applies to
|
|
|
+ all containers in a pod. Some volume types allow the Kubelet
|
|
|
+ to change the ownership of that volume to be owned by the
|
|
|
+ pod: \n 1. The owning GID will be the FSGroup 2. The setgid
|
|
|
+ bit is set (new files created in the volume will be owned
|
|
|
+ by FSGroup) 3. The permission bits are OR'd with rw-rw----
|
|
|
+ \n If unset, the Kubelet will not modify the ownership and
|
|
|
+ permissions of any volume. Note that this field cannot be
|
|
|
+ set when spec.os.name is windows."
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ fsGroupChangePolicy:
|
|
|
+ description: 'fsGroupChangePolicy defines behavior of changing
|
|
|
+ ownership and permission of the volume before being exposed
|
|
|
+ inside Pod. This field will only apply to volume types which
|
|
|
+ support fsGroup based ownership(and permissions). It will
|
|
|
+ have no effect on ephemeral volume types such as: secret,
|
|
|
+ configmaps and emptydir. Valid values are "OnRootMismatch"
|
|
|
+ and "Always". If not specified, "Always" is used. Note that
|
|
|
+ this field cannot be set when spec.os.name is windows.'
|
|
|
+ type: string
|
|
|
+ runAsGroup:
|
|
|
+ description: The GID to run the entrypoint of the container
|
|
|
+ process. Uses runtime default if unset. May also be set
|
|
|
+ in SecurityContext. If set in both SecurityContext and
|
|
|
+ PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence for that container. Note that this field
|
|
|
+ cannot be set when spec.os.name is windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ runAsNonRoot:
|
|
|
+ description: Indicates that the container must run as a non-root
|
|
|
+ user. If true, the Kubelet will validate the image at runtime
|
|
|
+ to ensure that it does not run as UID 0 (root) and fail
|
|
|
+ to start the container if it does. If unset or false, no
|
|
|
+ such validation will be performed. May also be set in SecurityContext. If
|
|
|
+ set in both SecurityContext and PodSecurityContext, the
|
|
|
+ value specified in SecurityContext takes precedence.
|
|
|
+ type: boolean
|
|
|
+ runAsUser:
|
|
|
+ description: The UID to run the entrypoint of the container
|
|
|
+ process. Defaults to user specified in image metadata if
|
|
|
+ unspecified. May also be set in SecurityContext. If set
|
|
|
+ in both SecurityContext and PodSecurityContext, the value
|
|
|
+ specified in SecurityContext takes precedence for that container.
|
|
|
+ Note that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ seLinuxOptions:
|
|
|
+ description: The SELinux context to be applied to all containers.
|
|
|
+ If unspecified, the container runtime will allocate a random
|
|
|
+ SELinux context for each container. May also be set in
|
|
|
+ SecurityContext. If set in both SecurityContext and PodSecurityContext,
|
|
|
+ the value specified in SecurityContext takes precedence
|
|
|
+ for that container. Note that this field cannot be set when
|
|
|
+ spec.os.name is windows.
|
|
|
+ properties:
|
|
|
+ level:
|
|
|
+ description: Level is SELinux level label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ role:
|
|
|
+ description: Role is a SELinux role label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: Type is a SELinux type label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: User is a SELinux user label that applies
|
|
|
+ to the container.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ seccompProfile:
|
|
|
+ description: The seccomp options to use by the containers
|
|
|
+ in this pod. Note that this field cannot be set when spec.os.name
|
|
|
+ is windows.
|
|
|
+ properties:
|
|
|
+ localhostProfile:
|
|
|
+ description: localhostProfile indicates a profile defined
|
|
|
+ in a file on the node should be used. The profile must
|
|
|
+ be preconfigured on the node to work. Must be a descending
|
|
|
+ path, relative to the kubelet's configured seccomp profile
|
|
|
+ location. Must only be set if type is "Localhost".
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: "type indicates which kind of seccomp profile
|
|
|
+ will be applied. Valid options are: \n Localhost - a
|
|
|
+ profile defined in a file on the node should be used.
|
|
|
+ RuntimeDefault - the container runtime default profile
|
|
|
+ should be used. Unconfined - no profile should be applied."
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - type
|
|
|
+ type: object
|
|
|
+ supplementalGroups:
|
|
|
+ description: A list of groups applied to the first process
|
|
|
+ run in each container, in addition to the container's primary
|
|
|
+ GID. If unspecified, no groups will be added to any container.
|
|
|
+ Note that this field cannot be set when spec.os.name is
|
|
|
+ windows.
|
|
|
+ items:
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ type: array
|
|
|
+ sysctls:
|
|
|
+ description: Sysctls hold a list of namespaced sysctls used
|
|
|
+ for the pod. Pods with unsupported sysctls (by the container
|
|
|
+ runtime) might fail to launch. Note that this field cannot
|
|
|
+ be set when spec.os.name is windows.
|
|
|
+ items:
|
|
|
+ description: Sysctl defines a kernel parameter to be set
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: Name of a property to set
|
|
|
+ type: string
|
|
|
+ value:
|
|
|
+ description: Value of a property to set
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ - value
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ windowsOptions:
|
|
|
+ description: The Windows specific settings applied to all
|
|
|
+ containers. If unspecified, the options within a container's
|
|
|
+ SecurityContext will be used. If set in both SecurityContext
|
|
|
+ and PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence. Note that this field cannot be set when
|
|
|
+ spec.os.name is linux.
|
|
|
+ properties:
|
|
|
+ gmsaCredentialSpec:
|
|
|
+ description: GMSACredentialSpec is where the GMSA admission
|
|
|
+ webhook (https://github.com/kubernetes-sigs/windows-gmsa)
|
|
|
+ inlines the contents of the GMSA credential spec named
|
|
|
+ by the GMSACredentialSpecName field.
|
|
|
+ type: string
|
|
|
+ gmsaCredentialSpecName:
|
|
|
+ description: GMSACredentialSpecName is the name of the
|
|
|
+ GMSA credential spec to use.
|
|
|
+ type: string
|
|
|
+ hostProcess:
|
|
|
+ description: HostProcess determines if a container should
|
|
|
+ be run as a 'Host Process' container. This field is
|
|
|
+ alpha-level and will only be honored by components that
|
|
|
+ enable the WindowsHostProcessContainers feature flag.
|
|
|
+ Setting this field without the feature flag will result
|
|
|
+ in errors when validating the Pod. All of a Pod's containers
|
|
|
+ must have the same effective HostProcess value (it is
|
|
|
+ not allowed to have a mix of HostProcess containers
|
|
|
+ and non-HostProcess containers). In addition, if HostProcess
|
|
|
+ is true then HostNetwork must also be set to true.
|
|
|
+ type: boolean
|
|
|
+ runAsUserName:
|
|
|
+ description: The UserName in Windows to run the entrypoint
|
|
|
+ of the container process. Defaults to the user specified
|
|
|
+ in image metadata if unspecified. May also be set in
|
|
|
+ PodSecurityContext. If set in both SecurityContext and
|
|
|
+ PodSecurityContext, the value specified in SecurityContext
|
|
|
+ takes precedence.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ serviceAccount:
|
|
|
+ description: 'DeprecatedServiceAccount is a depreciated alias
|
|
|
+ for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
|
|
|
+ type: string
|
|
|
+ serviceAccountName:
|
|
|
+ description: 'ServiceAccountName is the name of the ServiceAccount
|
|
|
+ to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
|
|
|
+ type: string
|
|
|
+ setHostnameAsFQDN:
|
|
|
+ description: If true the pod's hostname will be configured as
|
|
|
+ the pod's FQDN, rather than the leaf name (the default). In
|
|
|
+ Linux containers, this means setting the FQDN in the hostname
|
|
|
+ field of the kernel (the nodename field of struct utsname).
|
|
|
+ In Windows containers, this means setting the registry value
|
|
|
+ of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
|
|
|
+ to FQDN. If a pod does not have FQDN, this has no effect. Default
|
|
|
+ to false.
|
|
|
+ type: boolean
|
|
|
+ shareProcessNamespace:
|
|
|
+ description: 'Share a single process namespace between all of
|
|
|
+ the containers in a pod. When this is set containers will be
|
|
|
+ able to view and signal processes from other containers in the
|
|
|
+ same pod, and the first process in each container will not be
|
|
|
+ assigned PID 1. HostPID and ShareProcessNamespace cannot both
|
|
|
+ be set. Optional: Default to false.'
|
|
|
+ type: boolean
|
|
|
+ subdomain:
|
|
|
+ description: If specified, the fully qualified Pod hostname will
|
|
|
+ be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
|
|
|
+ If not specified, the pod will not have a domainname at all.
|
|
|
+ type: string
|
|
|
+ terminationGracePeriodSeconds:
|
|
|
+ description: Optional duration in seconds the pod needs to terminate
|
|
|
+ gracefully. May be decreased in delete request. Value must be
|
|
|
+ non-negative integer. The value zero indicates stop immediately
|
|
|
+ via the kill signal (no opportunity to shut down). If this value
|
|
|
+ is nil, the default grace period will be used instead. The grace
|
|
|
+ period is the duration in seconds after the processes running
|
|
|
+ in the pod are sent a termination signal and the time when the
|
|
|
+ processes are forcibly halted with a kill signal. Set this value
|
|
|
+ longer than the expected cleanup time for your process. Defaults
|
|
|
+ to 30 seconds.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ tolerations:
|
|
|
+ description: If specified, the pod's tolerations.
|
|
|
+ items:
|
|
|
+ description: The pod this Toleration is attached to tolerates
|
|
|
+ any taint that matches the triple <key,value,effect> using
|
|
|
+ the matching operator <operator>.
|
|
|
+ properties:
|
|
|
+ effect:
|
|
|
+ description: Effect indicates the taint effect to match.
|
|
|
+ Empty means match all taint effects. When specified, allowed
|
|
|
+ values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
|
+ type: string
|
|
|
+ key:
|
|
|
+ description: Key is the taint key that the toleration applies
|
|
|
+ to. Empty means match all taint keys. If the key is empty,
|
|
|
+ operator must be Exists; this combination means to match
|
|
|
+ all values and all keys.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: Operator represents a key's relationship to
|
|
|
+ the value. Valid operators are Exists and Equal. Defaults
|
|
|
+ to Equal. Exists is equivalent to wildcard for value,
|
|
|
+ so that a pod can tolerate all taints of a particular
|
|
|
+ category.
|
|
|
+ type: string
|
|
|
+ tolerationSeconds:
|
|
|
+ description: TolerationSeconds represents the period of
|
|
|
+ time the toleration (which must be of effect NoExecute,
|
|
|
+ otherwise this field is ignored) tolerates the taint.
|
|
|
+ By default, it is not set, which means tolerate the taint
|
|
|
+ forever (do not evict). Zero and negative values will
|
|
|
+ be treated as 0 (evict immediately) by the system.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ value:
|
|
|
+ description: Value is the taint value the toleration matches
|
|
|
+ to. If the operator is Exists, the value should be empty,
|
|
|
+ otherwise just a regular string.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ topologySpreadConstraints:
|
|
|
+ description: TopologySpreadConstraints describes how a group of
|
|
|
+ pods ought to spread across topology domains. Scheduler will
|
|
|
+ schedule pods in a way which abides by the constraints. All
|
|
|
+ topologySpreadConstraints are ANDed.
|
|
|
+ items:
|
|
|
+ description: TopologySpreadConstraint specifies how to spread
|
|
|
+ matching pods among the given topology.
|
|
|
+ properties:
|
|
|
+ labelSelector:
|
|
|
+ description: LabelSelector is used to find matching pods.
|
|
|
+ Pods that match this label selector are counted to determine
|
|
|
+ the number of pods in their corresponding topology domain.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list of label selector
|
|
|
+ requirements. The requirements are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement is a selector
|
|
|
+ that contains values, a key, and an operator that
|
|
|
+ relates the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key that the selector
|
|
|
+ applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a key's relationship
|
|
|
+ to a set of values. Valid operators are In,
|
|
|
+ NotIn, Exists and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of string values.
|
|
|
+ If the operator is In or NotIn, the values array
|
|
|
+ must be non-empty. If the operator is Exists
|
|
|
+ or DoesNotExist, the values array must be empty.
|
|
|
+ This array is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value} pairs.
|
|
|
+ A single {key,value} in the matchLabels map is equivalent
|
|
|
+ to an element of matchExpressions, whose key field
|
|
|
+ is "key", the operator is "In", and the values array
|
|
|
+ contains only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ maxSkew:
|
|
|
+ description: 'MaxSkew describes the degree to which pods
|
|
|
+ may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
|
|
|
+ it is the maximum permitted difference between the number
|
|
|
+ of matching pods in the target topology and the global
|
|
|
+ minimum. The global minimum is the minimum number of matching
|
|
|
+ pods in an eligible domain or zero if the number of eligible
|
|
|
+ domains is less than MinDomains. For example, in a 3-zone
|
|
|
+ cluster, MaxSkew is set to 1, and pods with the same labelSelector
|
|
|
+ spread as 2/2/1: In this case, the global minimum is 1.
|
|
|
+ | zone1 | zone2 | zone3 | | P P | P P | P | -
|
|
|
+ if MaxSkew is 1, incoming pod can only be scheduled to
|
|
|
+ zone3 to become 2/2/2; scheduling it onto zone1(zone2)
|
|
|
+ would make the ActualSkew(3-1) on zone1(zone2) violate
|
|
|
+ MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
|
|
|
+ onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
|
|
|
+ it is used to give higher precedence to topologies that
|
|
|
+ satisfy it. It''s a required field. Default value is 1
|
|
|
+ and 0 is not allowed.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ minDomains:
|
|
|
+ description: "MinDomains indicates a minimum number of eligible
|
|
|
+ domains. When the number of eligible domains with matching
|
|
|
+ topology keys is less than minDomains, Pod Topology Spread
|
|
|
+ treats \"global minimum\" as 0, and then the calculation
|
|
|
+ of Skew is performed. And when the number of eligible
|
|
|
+ domains with matching topology keys equals or greater
|
|
|
+ than minDomains, this value has no effect on scheduling.
|
|
|
+ As a result, when the number of eligible domains is less
|
|
|
+ than minDomains, scheduler won't schedule more than maxSkew
|
|
|
+ Pods to those domains. If value is nil, the constraint
|
|
|
+ behaves as if MinDomains is equal to 1. Valid values are
|
|
|
+ integers greater than 0. When value is not nil, WhenUnsatisfiable
|
|
|
+ must be DoNotSchedule. \n For example, in a 3-zone cluster,
|
|
|
+ MaxSkew is set to 2, MinDomains is set to 5 and pods with
|
|
|
+ the same labelSelector spread as 2/2/2: | zone1 | zone2
|
|
|
+ | zone3 | | P P | P P | P P | The number of domains
|
|
|
+ is less than 5(MinDomains), so \"global minimum\" is treated
|
|
|
+ as 0. In this situation, new pod with the same labelSelector
|
|
|
+ cannot be scheduled, because computed skew will be 3(3
|
|
|
+ - 0) if new Pod is scheduled to any of the three zones,
|
|
|
+ it will violate MaxSkew. \n This is an alpha field and
|
|
|
+ requires enabling MinDomainsInPodTopologySpread feature
|
|
|
+ gate."
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ topologyKey:
|
|
|
+ description: TopologyKey is the key of node labels. Nodes
|
|
|
+ that have a label with this key and identical values are
|
|
|
+ considered to be in the same topology. We consider each
|
|
|
+ <key, value> as a "bucket", and try to put balanced number
|
|
|
+ of pods into each bucket. We define a domain as a particular
|
|
|
+ instance of a topology. Also, we define an eligible domain
|
|
|
+ as a domain whose nodes match the node selector. e.g.
|
|
|
+ If TopologyKey is "kubernetes.io/hostname", each Node
|
|
|
+ is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone",
|
|
|
+ each zone is a domain of that topology. It's a required
|
|
|
+ field.
|
|
|
+ type: string
|
|
|
+ whenUnsatisfiable:
|
|
|
+ description: 'WhenUnsatisfiable indicates how to deal with
|
|
|
+ a pod if it doesn''t satisfy the spread constraint. -
|
|
|
+ DoNotSchedule (default) tells the scheduler not to schedule
|
|
|
+ it. - ScheduleAnyway tells the scheduler to schedule the
|
|
|
+ pod in any location, but giving higher precedence to topologies
|
|
|
+ that would help reduce the skew. A constraint is considered
|
|
|
+ "Unsatisfiable" for an incoming pod if and only if every
|
|
|
+ possible node assignment for that pod would violate "MaxSkew"
|
|
|
+ on some topology. For example, in a 3-zone cluster, MaxSkew
|
|
|
+ is set to 1, and pods with the same labelSelector spread
|
|
|
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
|
|
|
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming
|
|
|
+ pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
|
|
|
+ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
|
|
|
+ In other words, the cluster can still be imbalanced, but
|
|
|
+ scheduler won''t make it *more* imbalanced. It''s a required
|
|
|
+ field.'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - maxSkew
|
|
|
+ - topologyKey
|
|
|
+ - whenUnsatisfiable
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ x-kubernetes-list-map-keys:
|
|
|
+ - topologyKey
|
|
|
+ - whenUnsatisfiable
|
|
|
+ x-kubernetes-list-type: map
|
|
|
+ volumes:
|
|
|
+ description: 'List of volumes that can be mounted by containers
|
|
|
+ belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
|
|
|
+ items:
|
|
|
+ description: Volume represents a named volume in a pod that
|
|
|
+ may be accessed by any container in the pod.
|
|
|
+ properties:
|
|
|
+ awsElasticBlockStore:
|
|
|
+ description: 'awsElasticBlockStore represents an AWS Disk
|
|
|
+ resource that is attached to a kubelet''s host machine
|
|
|
+ and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ partition:
|
|
|
+ description: 'partition is the partition in the volume
|
|
|
+ that you want to mount. If omitted, the default is
|
|
|
+ to mount by volume name. Examples: For volume /dev/sda1,
|
|
|
+ you specify the partition as "1". Similarly, the volume
|
|
|
+ partition for /dev/sda is "0" (or you can leave the
|
|
|
+ property empty).'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly value true will force the readOnly
|
|
|
+ setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ type: boolean
|
|
|
+ volumeID:
|
|
|
+ description: 'volumeID is unique ID of the persistent
|
|
|
+ disk resource in AWS (Amazon EBS volume). More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ azureDisk:
|
|
|
+ description: azureDisk represents an Azure Data Disk mount
|
|
|
+ on the host and bind mount to the pod.
|
|
|
+ properties:
|
|
|
+ cachingMode:
|
|
|
+ description: 'cachingMode is the Host Caching mode:
|
|
|
+ None, Read Only, Read Write.'
|
|
|
+ type: string
|
|
|
+ diskName:
|
|
|
+ description: diskName is the Name of the data disk in
|
|
|
+ the blob storage
|
|
|
+ type: string
|
|
|
+ diskURI:
|
|
|
+ description: diskURI is the URI of data disk in the
|
|
|
+ blob storage
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType is Filesystem type to mount. Must
|
|
|
+ be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: 'kind expected values are Shared: multiple
|
|
|
+ blob disks per storage account Dedicated: single
|
|
|
+ blob disk per storage account Managed: azure managed
|
|
|
+ data disk (only in managed availability set). defaults
|
|
|
+ to shared'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - diskName
|
|
|
+ - diskURI
|
|
|
+ type: object
|
|
|
+ azureFile:
|
|
|
+ description: azureFile represents an Azure File Service
|
|
|
+ mount on the host and bind mount to the pod.
|
|
|
+ properties:
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretName:
|
|
|
+ description: secretName is the name of secret that
|
|
|
+ contains Azure Storage Account Name and Key
|
|
|
+ type: string
|
|
|
+ shareName:
|
|
|
+ description: shareName is the azure share Name
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - secretName
|
|
|
+ - shareName
|
|
|
+ type: object
|
|
|
+ cephfs:
|
|
|
+ description: cephFS represents a Ceph FS mount on the host
|
|
|
+ that shares a pod's lifetime
|
|
|
+ properties:
|
|
|
+ monitors:
|
|
|
+ description: 'monitors is Required: Monitors is a collection
|
|
|
+ of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ path:
|
|
|
+ description: 'path is Optional: Used as the mounted
|
|
|
+ root, rather than the full Ceph tree, default is /'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: Defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: boolean
|
|
|
+ secretFile:
|
|
|
+ description: 'secretFile is Optional: SecretFile is
|
|
|
+ the path to key ring for User, default is /etc/ceph/user.secret
|
|
|
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is Optional: SecretRef is reference
|
|
|
+ to the authentication secret for User, default is
|
|
|
+ empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ user:
|
|
|
+ description: 'user is optional: User is the rados user
|
|
|
+ name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - monitors
|
|
|
+ type: object
|
|
|
+ cinder:
|
|
|
+ description: 'cinder represents a cinder volume attached
|
|
|
+ and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Examples: "ext4", "xfs", "ntfs". Implicitly
|
|
|
+ inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is optional: points to a secret
|
|
|
+ object containing parameters used to connect to OpenStack.'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ volumeID:
|
|
|
+ description: 'volumeID used to identify the volume in
|
|
|
+ cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ configMap:
|
|
|
+ description: configMap represents a configMap that should
|
|
|
+ populate this volume
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'defaultMode is optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value pair
|
|
|
+ in the Data field of the referenced ConfigMap will
|
|
|
+ be projected into the volume as a file whose name
|
|
|
+ is the key and content is the value. If specified,
|
|
|
+ the listed keys will be projected into the specified
|
|
|
+ paths, and unlisted keys will not be present. If a
|
|
|
+ key is specified which is not present in the ConfigMap,
|
|
|
+ the volume setup will error unless it is marked optional.
|
|
|
+ Paths must be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path within a
|
|
|
+ volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode bits used
|
|
|
+ to set permissions on this file. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires decimal values
|
|
|
+ for mode bits. If not specified, the volume
|
|
|
+ defaultMode will be used. This might be in conflict
|
|
|
+ with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode
|
|
|
+ bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path of the
|
|
|
+ file to map the key to. May not be an absolute
|
|
|
+ path. May not contain the path element '..'.
|
|
|
+ May not start with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional specify whether the ConfigMap
|
|
|
+ or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ csi:
|
|
|
+ description: csi (Container Storage Interface) represents
|
|
|
+ ephemeral storage that is handled by certain external
|
|
|
+ CSI drivers (Beta feature).
|
|
|
+ properties:
|
|
|
+ driver:
|
|
|
+ description: driver is the name of the CSI driver that
|
|
|
+ handles this volume. Consult with your admin for the
|
|
|
+ correct name as registered in the cluster.
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
|
|
|
+ If not provided, the empty value is passed to the
|
|
|
+ associated CSI driver which will determine the default
|
|
|
+ filesystem to apply.
|
|
|
+ type: string
|
|
|
+ nodePublishSecretRef:
|
|
|
+ description: nodePublishSecretRef is a reference to
|
|
|
+ the secret object containing sensitive information
|
|
|
+ to pass to the CSI driver to complete the CSI NodePublishVolume
|
|
|
+ and NodeUnpublishVolume calls. This field is optional,
|
|
|
+ and may be empty if no secret is required. If the
|
|
|
+ secret object contains more than one secret, all secret
|
|
|
+ references are passed.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ readOnly:
|
|
|
+ description: readOnly specifies a read-only configuration
|
|
|
+ for the volume. Defaults to false (read/write).
|
|
|
+ type: boolean
|
|
|
+ volumeAttributes:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: volumeAttributes stores driver-specific
|
|
|
+ properties that are passed to the CSI driver. Consult
|
|
|
+ your driver's documentation for supported values.
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - driver
|
|
|
+ type: object
|
|
|
+ downwardAPI:
|
|
|
+ description: downwardAPI represents downward API about the
|
|
|
+ pod that should populate this volume
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'Optional: mode bits to use on created
|
|
|
+ files by default. Must be a Optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: Items is a list of downward API volume
|
|
|
+ file
|
|
|
+ items:
|
|
|
+ description: DownwardAPIVolumeFile represents information
|
|
|
+ to create the file containing the pod field
|
|
|
+ properties:
|
|
|
+ fieldRef:
|
|
|
+ description: 'Required: Selects a field of the
|
|
|
+ pod: only annotations, labels, name and namespace
|
|
|
+ are supported.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema the FieldPath
|
|
|
+ is written in terms of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to select in
|
|
|
+ the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ mode:
|
|
|
+ description: 'Optional: mode bits used to set
|
|
|
+ permissions on this file, must be an octal value
|
|
|
+ between 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal and decimal
|
|
|
+ values, JSON requires decimal values for mode
|
|
|
+ bits. If not specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict with
|
|
|
+ other options that affect the file mode, like
|
|
|
+ fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: 'Required: Path is the relative
|
|
|
+ path name of the file to be created. Must not
|
|
|
+ be absolute or contain the ''..'' path. Must
|
|
|
+ be utf-8 encoded. The first item of the relative
|
|
|
+ path must not start with ''..'''
|
|
|
+ type: string
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of the container:
|
|
|
+ only resources limits and requests (limits.cpu,
|
|
|
+ limits.memory, requests.cpu and requests.memory)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required for
|
|
|
+ volumes, optional for env vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output format of
|
|
|
+ the exposed resources, defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ emptyDir:
|
|
|
+ description: 'emptyDir represents a temporary directory
|
|
|
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
|
+ properties:
|
|
|
+ medium:
|
|
|
+ description: 'medium represents what type of storage
|
|
|
+ medium should back this directory. The default is
|
|
|
+ "" which means to use the node''s default medium.
|
|
|
+ Must be an empty string (default) or Memory. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
|
|
|
+ type: string
|
|
|
+ sizeLimit:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: 'sizeLimit is the total amount of local
|
|
|
+ storage required for this EmptyDir volume. The size
|
|
|
+ limit is also applicable for memory medium. The maximum
|
|
|
+ usage on memory medium EmptyDir would be the minimum
|
|
|
+ value between the SizeLimit specified here and the
|
|
|
+ sum of memory limits of all containers in a pod. The
|
|
|
+ default is nil which means that the limit is undefined.
|
|
|
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ type: object
|
|
|
+ ephemeral:
|
|
|
+ description: "ephemeral represents a volume that is handled
|
|
|
+ by a cluster storage driver. The volume's lifecycle is
|
|
|
+ tied to the pod that defines it - it will be created before
|
|
|
+ the pod starts, and deleted when the pod is removed. \n
|
|
|
+ Use this if: a) the volume is only needed while the pod
|
|
|
+ runs, b) features of normal volumes like restoring from
|
|
|
+ snapshot or capacity tracking are needed, c) the storage
|
|
|
+ driver is specified through a storage class, and d) the
|
|
|
+ storage driver supports dynamic volume provisioning through
|
|
|
+ a PersistentVolumeClaim (see EphemeralVolumeSource for
|
|
|
+ more information on the connection between this volume
|
|
|
+ type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
|
|
|
+ or one of the vendor-specific APIs for volumes that persist
|
|
|
+ for longer than the lifecycle of an individual pod. \n
|
|
|
+ Use CSI for light-weight local ephemeral volumes if the
|
|
|
+ CSI driver is meant to be used that way - see the documentation
|
|
|
+ of the driver for more information. \n A pod can use both
|
|
|
+ types of ephemeral volumes and persistent volumes at the
|
|
|
+ same time."
|
|
|
+ properties:
|
|
|
+ volumeClaimTemplate:
|
|
|
+ description: "Will be used to create a stand-alone PVC
|
|
|
+ to provision the volume. The pod in which this EphemeralVolumeSource
|
|
|
+ is embedded will be the owner of the PVC, i.e. the
|
|
|
+ PVC will be deleted together with the pod. The name
|
|
|
+ of the PVC will be `<pod name>-<volume name>` where
|
|
|
+ `<volume name>` is the name from the `PodSpec.Volumes`
|
|
|
+ array entry. Pod validation will reject the pod if
|
|
|
+ the concatenated name is not valid for a PVC (for
|
|
|
+ example, too long). \n An existing PVC with that name
|
|
|
+ that is not owned by the pod will *not* be used for
|
|
|
+ the pod to avoid using an unrelated volume by mistake.
|
|
|
+ Starting the pod is then blocked until the unrelated
|
|
|
+ PVC is removed. If such a pre-created PVC is meant
|
|
|
+ to be used by the pod, the PVC has to updated with
|
|
|
+ an owner reference to the pod once the pod exists.
|
|
|
+ Normally this should not be necessary, but it may
|
|
|
+ be useful when manually reconstructing a broken cluster.
|
|
|
+ \n This field is read-only and no changes will be
|
|
|
+ made by Kubernetes to the PVC after it has been created.
|
|
|
+ \n Required, must not be nil."
|
|
|
+ properties:
|
|
|
+ metadata:
|
|
|
+ description: May contain labels and annotations
|
|
|
+ that will be copied into the PVC when creating
|
|
|
+ it. No other fields are allowed and will be rejected
|
|
|
+ during validation.
|
|
|
+ type: object
|
|
|
+ spec:
|
|
|
+ description: The specification for the PersistentVolumeClaim.
|
|
|
+ The entire content is copied unchanged into the
|
|
|
+ PVC that gets created from this template. The
|
|
|
+ same fields as in a PersistentVolumeClaim are
|
|
|
+ also valid here.
|
|
|
+ properties:
|
|
|
+ accessModes:
|
|
|
+ description: 'accessModes contains the desired
|
|
|
+ access modes the volume should have. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ dataSource:
|
|
|
+ description: 'dataSource field can be used to
|
|
|
+ specify either: * An existing VolumeSnapshot
|
|
|
+ object (snapshot.storage.k8s.io/VolumeSnapshot)
|
|
|
+ * An existing PVC (PersistentVolumeClaim)
|
|
|
+ If the provisioner or an external controller
|
|
|
+ can support the specified data source, it
|
|
|
+ will create a new volume based on the contents
|
|
|
+ of the specified data source. If the AnyVolumeDataSource
|
|
|
+ feature gate is enabled, this field will always
|
|
|
+ have the same contents as the DataSourceRef
|
|
|
+ field.'
|
|
|
+ properties:
|
|
|
+ apiGroup:
|
|
|
+ description: APIGroup is the group for the
|
|
|
+ resource being referenced. If APIGroup
|
|
|
+ is not specified, the specified Kind must
|
|
|
+ be in the core API group. For any other
|
|
|
+ third-party types, APIGroup is required.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: Kind is the type of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: Name is the name of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - kind
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ dataSourceRef:
|
|
|
+ description: 'dataSourceRef specifies the object
|
|
|
+ from which to populate the volume with data,
|
|
|
+ if a non-empty volume is desired. This may
|
|
|
+ be any local object from a non-empty API group
|
|
|
+ (non core object) or a PersistentVolumeClaim
|
|
|
+ object. When this field is specified, volume
|
|
|
+ binding will only succeed if the type of the
|
|
|
+ specified object matches some installed volume
|
|
|
+ populator or dynamic provisioner. This field
|
|
|
+ will replace the functionality of the DataSource
|
|
|
+ field and as such if both fields are non-empty,
|
|
|
+ they must have the same value. For backwards
|
|
|
+ compatibility, both fields (DataSource and
|
|
|
+ DataSourceRef) will be set to the same value
|
|
|
+ automatically if one of them is empty and
|
|
|
+ the other is non-empty. There are two important
|
|
|
+ differences between DataSource and DataSourceRef:
|
|
|
+ * While DataSource only allows two specific
|
|
|
+ types of objects, DataSourceRef allows any
|
|
|
+ non-core object, as well as PersistentVolumeClaim
|
|
|
+ objects. * While DataSource ignores disallowed
|
|
|
+ values (dropping them), DataSourceRef preserves
|
|
|
+ all values, and generates an error if a disallowed
|
|
|
+ value is specified. (Beta) Using this field
|
|
|
+ requires the AnyVolumeDataSource feature gate
|
|
|
+ to be enabled.'
|
|
|
+ properties:
|
|
|
+ apiGroup:
|
|
|
+ description: APIGroup is the group for the
|
|
|
+ resource being referenced. If APIGroup
|
|
|
+ is not specified, the specified Kind must
|
|
|
+ be in the core API group. For any other
|
|
|
+ third-party types, APIGroup is required.
|
|
|
+ type: string
|
|
|
+ kind:
|
|
|
+ description: Kind is the type of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ name:
|
|
|
+ description: Name is the name of resource
|
|
|
+ being referenced
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - kind
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ resources:
|
|
|
+ description: 'resources represents the minimum
|
|
|
+ resources the volume should have. If RecoverVolumeExpansionFailure
|
|
|
+ feature is enabled users are allowed to specify
|
|
|
+ resource requirements that are lower than
|
|
|
+ previous value but must still be higher than
|
|
|
+ capacity recorded in the status field of the
|
|
|
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
|
|
|
+ properties:
|
|
|
+ limits:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Limits describes the maximum
|
|
|
+ amount of compute resources allowed. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ requests:
|
|
|
+ additionalProperties:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ description: 'Requests describes the minimum
|
|
|
+ amount of compute resources required.
|
|
|
+ If Requests is omitted for a container,
|
|
|
+ it defaults to Limits if that is explicitly
|
|
|
+ specified, otherwise to an implementation-defined
|
|
|
+ value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ selector:
|
|
|
+ description: selector is a label query over
|
|
|
+ volumes to consider for binding.
|
|
|
+ properties:
|
|
|
+ matchExpressions:
|
|
|
+ description: matchExpressions is a list
|
|
|
+ of label selector requirements. The requirements
|
|
|
+ are ANDed.
|
|
|
+ items:
|
|
|
+ description: A label selector requirement
|
|
|
+ is a selector that contains values,
|
|
|
+ a key, and an operator that relates
|
|
|
+ the key and values.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the label key
|
|
|
+ that the selector applies to.
|
|
|
+ type: string
|
|
|
+ operator:
|
|
|
+ description: operator represents a
|
|
|
+ key's relationship to a set of values.
|
|
|
+ Valid operators are In, NotIn, Exists
|
|
|
+ and DoesNotExist.
|
|
|
+ type: string
|
|
|
+ values:
|
|
|
+ description: values is an array of
|
|
|
+ string values. If the operator is
|
|
|
+ In or NotIn, the values array must
|
|
|
+ be non-empty. If the operator is
|
|
|
+ Exists or DoesNotExist, the values
|
|
|
+ array must be empty. This array
|
|
|
+ is replaced during a strategic merge
|
|
|
+ patch.
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - operator
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ matchLabels:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: matchLabels is a map of {key,value}
|
|
|
+ pairs. A single {key,value} in the matchLabels
|
|
|
+ map is equivalent to an element of matchExpressions,
|
|
|
+ whose key field is "key", the operator
|
|
|
+ is "In", and the values array contains
|
|
|
+ only "value". The requirements are ANDed.
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ storageClassName:
|
|
|
+ description: 'storageClassName is the name of
|
|
|
+ the StorageClass required by the claim. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
|
|
|
+ type: string
|
|
|
+ volumeMode:
|
|
|
+ description: volumeMode defines what type of
|
|
|
+ volume is required by the claim. Value of
|
|
|
+ Filesystem is implied when not included in
|
|
|
+ claim spec.
|
|
|
+ type: string
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the binding reference
|
|
|
+ to the PersistentVolume backing this claim.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - spec
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ fc:
|
|
|
+ description: fc represents a Fibre Channel resource that
|
|
|
+ is attached to a kubelet's host machine and then exposed
|
|
|
+ to the pod.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified. TODO: how do we prevent
|
|
|
+ errors in the filesystem from compromising the machine'
|
|
|
+ type: string
|
|
|
+ lun:
|
|
|
+ description: 'lun is Optional: FC target lun number'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: Defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts.'
|
|
|
+ type: boolean
|
|
|
+ targetWWNs:
|
|
|
+ description: 'targetWWNs is Optional: FC target worldwide
|
|
|
+ names (WWNs)'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ wwids:
|
|
|
+ description: 'wwids Optional: FC volume world wide identifiers
|
|
|
+ (wwids) Either wwids or combination of targetWWNs
|
|
|
+ and lun must be set, but not both simultaneously.'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ flexVolume:
|
|
|
+ description: flexVolume represents a generic volume resource
|
|
|
+ that is provisioned/attached using an exec based plugin.
|
|
|
+ properties:
|
|
|
+ driver:
|
|
|
+ description: driver is the name of the driver to use
|
|
|
+ for this volume.
|
|
|
+ type: string
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". The default filesystem
|
|
|
+ depends on FlexVolume script.
|
|
|
+ type: string
|
|
|
+ options:
|
|
|
+ additionalProperties:
|
|
|
+ type: string
|
|
|
+ description: 'options is Optional: this field holds
|
|
|
+ extra command options if any.'
|
|
|
+ type: object
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly is Optional: defaults to false
|
|
|
+ (read/write). ReadOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts.'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is Optional: secretRef is reference
|
|
|
+ to the secret object containing sensitive information
|
|
|
+ to pass to the plugin scripts. This may be empty if
|
|
|
+ no secret object is specified. If the secret object
|
|
|
+ contains more than one secret, all secrets are passed
|
|
|
+ to the plugin scripts.'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - driver
|
|
|
+ type: object
|
|
|
+ flocker:
|
|
|
+ description: flocker represents a Flocker volume attached
|
|
|
+ to a kubelet's host machine. This depends on the Flocker
|
|
|
+ control service being running
|
|
|
+ properties:
|
|
|
+ datasetName:
|
|
|
+ description: datasetName is Name of the dataset stored
|
|
|
+ as metadata -> name on the dataset for Flocker should
|
|
|
+ be considered as deprecated
|
|
|
+ type: string
|
|
|
+ datasetUUID:
|
|
|
+ description: datasetUUID is the UUID of the dataset.
|
|
|
+ This is unique identifier of a Flocker dataset
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ gcePersistentDisk:
|
|
|
+ description: 'gcePersistentDisk represents a GCE Disk resource
|
|
|
+ that is attached to a kubelet''s host machine and then
|
|
|
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ partition:
|
|
|
+ description: 'partition is the partition in the volume
|
|
|
+ that you want to mount. If omitted, the default is
|
|
|
+ to mount by volume name. Examples: For volume /dev/sda1,
|
|
|
+ you specify the partition as "1". Similarly, the volume
|
|
|
+ partition for /dev/sda is "0" (or you can leave the
|
|
|
+ property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ pdName:
|
|
|
+ description: 'pdName is unique name of the PD resource
|
|
|
+ in GCE. Used to identify the disk in GCE. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. Defaults to false. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - pdName
|
|
|
+ type: object
|
|
|
+ gitRepo:
|
|
|
+ description: 'gitRepo represents a git repository at a particular
|
|
|
+ revision. DEPRECATED: GitRepo is deprecated. To provision
|
|
|
+ a container with a git repo, mount an EmptyDir into an
|
|
|
+ InitContainer that clones the repo using git, then mount
|
|
|
+ the EmptyDir into the Pod''s container.'
|
|
|
+ properties:
|
|
|
+ directory:
|
|
|
+ description: directory is the target directory name.
|
|
|
+ Must not contain or start with '..'. If '.' is supplied,
|
|
|
+ the volume directory will be the git repository. Otherwise,
|
|
|
+ if specified, the volume will contain the git repository
|
|
|
+ in the subdirectory with the given name.
|
|
|
+ type: string
|
|
|
+ repository:
|
|
|
+ description: repository is the URL
|
|
|
+ type: string
|
|
|
+ revision:
|
|
|
+ description: revision is the commit hash for the specified
|
|
|
+ revision.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - repository
|
|
|
+ type: object
|
|
|
+ glusterfs:
|
|
|
+ description: 'glusterfs represents a Glusterfs mount on
|
|
|
+ the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
|
|
|
+ properties:
|
|
|
+ endpoints:
|
|
|
+ description: 'endpoints is the endpoint name that details
|
|
|
+ Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: string
|
|
|
+ path:
|
|
|
+ description: 'path is the Glusterfs volume path. More
|
|
|
+ info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the Glusterfs
|
|
|
+ volume to be mounted with read-only permissions. Defaults
|
|
|
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - endpoints
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ hostPath:
|
|
|
+ description: 'hostPath represents a pre-existing file or
|
|
|
+ directory on the host machine that is directly exposed
|
|
|
+ to the container. This is generally used for system agents
|
|
|
+ or other privileged things that are allowed to see the
|
|
|
+ host machine. Most containers will NOT need this. More
|
|
|
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
|
|
|
+ --- TODO(jonesdl) We need to restrict who can use host
|
|
|
+ directory mounts and who can/can not mount host directories
|
|
|
+ as read/write.'
|
|
|
+ properties:
|
|
|
+ path:
|
|
|
+ description: 'path of the directory on the host. If
|
|
|
+ the path is a symlink, it will follow the link to
|
|
|
+ the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
|
+ type: string
|
|
|
+ type:
|
|
|
+ description: 'type for HostPath Volume Defaults to ""
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ iscsi:
|
|
|
+ description: 'iscsi represents an ISCSI Disk resource that
|
|
|
+ is attached to a kubelet''s host machine and then exposed
|
|
|
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
|
|
|
+ properties:
|
|
|
+ chapAuthDiscovery:
|
|
|
+ description: chapAuthDiscovery defines whether support
|
|
|
+ iSCSI Discovery CHAP authentication
|
|
|
+ type: boolean
|
|
|
+ chapAuthSession:
|
|
|
+ description: chapAuthSession defines whether support
|
|
|
+ iSCSI Session CHAP authentication
|
|
|
+ type: boolean
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ initiatorName:
|
|
|
+ description: initiatorName is the custom iSCSI Initiator
|
|
|
+ Name. If initiatorName is specified with iscsiInterface
|
|
|
+ simultaneously, new iSCSI interface <target portal>:<volume
|
|
|
+ name> will be created for the connection.
|
|
|
+ type: string
|
|
|
+ iqn:
|
|
|
+ description: iqn is the target iSCSI Qualified Name.
|
|
|
+ type: string
|
|
|
+ iscsiInterface:
|
|
|
+ description: iscsiInterface is the interface Name that
|
|
|
+ uses an iSCSI transport. Defaults to 'default' (tcp).
|
|
|
+ type: string
|
|
|
+ lun:
|
|
|
+ description: lun represents iSCSI Target Lun number.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ portals:
|
|
|
+ description: portals is the iSCSI Target Portal List.
|
|
|
+ The portal is either an IP or ip_addr:port if the
|
|
|
+ port is other than default (typically TCP ports 860
|
|
|
+ and 3260).
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ readOnly:
|
|
|
+ description: readOnly here will force the ReadOnly setting
|
|
|
+ in VolumeMounts. Defaults to false.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef is the CHAP Secret for iSCSI
|
|
|
+ target and initiator authentication
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ targetPortal:
|
|
|
+ description: targetPortal is iSCSI Target Portal. The
|
|
|
+ Portal is either an IP or ip_addr:port if the port
|
|
|
+ is other than default (typically TCP ports 860 and
|
|
|
+ 3260).
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - iqn
|
|
|
+ - lun
|
|
|
+ - targetPortal
|
|
|
+ type: object
|
|
|
+ name:
|
|
|
+ description: 'name of the volume. Must be a DNS_LABEL and
|
|
|
+ unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
|
|
+ type: string
|
|
|
+ nfs:
|
|
|
+ description: 'nfs represents an NFS mount on the host that
|
|
|
+ shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ properties:
|
|
|
+ path:
|
|
|
+ description: 'path that is exported by the NFS server.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the NFS export
|
|
|
+ to be mounted with read-only permissions. Defaults
|
|
|
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: boolean
|
|
|
+ server:
|
|
|
+ description: 'server is the hostname or IP address of
|
|
|
+ the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ - server
|
|
|
+ type: object
|
|
|
+ persistentVolumeClaim:
|
|
|
+ description: 'persistentVolumeClaimVolumeSource represents
|
|
|
+ a reference to a PersistentVolumeClaim in the same namespace.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
|
+ properties:
|
|
|
+ claimName:
|
|
|
+ description: 'claimName is the name of a PersistentVolumeClaim
|
|
|
+ in the same namespace as the pod using this volume.
|
|
|
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Will force the ReadOnly setting
|
|
|
+ in VolumeMounts. Default false.
|
|
|
+ type: boolean
|
|
|
+ required:
|
|
|
+ - claimName
|
|
|
+ type: object
|
|
|
+ photonPersistentDisk:
|
|
|
+ description: photonPersistentDisk represents a PhotonController
|
|
|
+ persistent disk attached and mounted on kubelets host
|
|
|
+ machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ pdID:
|
|
|
+ description: pdID is the ID that identifies Photon Controller
|
|
|
+ persistent disk
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - pdID
|
|
|
+ type: object
|
|
|
+ portworxVolume:
|
|
|
+ description: portworxVolume represents a portworx volume
|
|
|
+ attached and mounted on kubelets host machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fSType represents the filesystem type to
|
|
|
+ mount Must be a filesystem type supported by the host
|
|
|
+ operating system. Ex. "ext4", "xfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ volumeID:
|
|
|
+ description: volumeID uniquely identifies a Portworx
|
|
|
+ volume
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumeID
|
|
|
+ type: object
|
|
|
+ projected:
|
|
|
+ description: projected items for all in one resources secrets,
|
|
|
+ configmaps, and downward API
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: defaultMode are the mode bits used to set
|
|
|
+ permissions on created files by default. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal value
|
|
|
+ between 0 and 511. YAML accepts both octal and decimal
|
|
|
+ values, JSON requires decimal values for mode bits.
|
|
|
+ Directories within the path are not affected by this
|
|
|
+ setting. This might be in conflict with other options
|
|
|
+ that affect the file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ sources:
|
|
|
+ description: sources is the list of volume projections
|
|
|
+ items:
|
|
|
+ description: Projection that may be projected along
|
|
|
+ with other supported volume types
|
|
|
+ properties:
|
|
|
+ configMap:
|
|
|
+ description: configMap information about the configMap
|
|
|
+ data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value
|
|
|
+ pair in the Data field of the referenced
|
|
|
+ ConfigMap will be projected into the volume
|
|
|
+ as a file whose name is the key and content
|
|
|
+ is the value. If specified, the listed keys
|
|
|
+ will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If
|
|
|
+ a key is specified which is not present
|
|
|
+ in the ConfigMap, the volume setup will
|
|
|
+ error unless it is marked optional. Paths
|
|
|
+ must be relative and may not contain the
|
|
|
+ '..' path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path
|
|
|
+ within a volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode
|
|
|
+ bits used to set permissions on this
|
|
|
+ file. Must be an octal value between
|
|
|
+ 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires
|
|
|
+ decimal values for mode bits. If not
|
|
|
+ specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict
|
|
|
+ with other options that affect the
|
|
|
+ file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path
|
|
|
+ of the file to map the key to. May
|
|
|
+ not be an absolute path. May not contain
|
|
|
+ the path element '..'. May not start
|
|
|
+ with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional specify whether the
|
|
|
+ ConfigMap or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ downwardAPI:
|
|
|
+ description: downwardAPI information about the
|
|
|
+ downwardAPI data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: Items is a list of DownwardAPIVolume
|
|
|
+ file
|
|
|
+ items:
|
|
|
+ description: DownwardAPIVolumeFile represents
|
|
|
+ information to create the file containing
|
|
|
+ the pod field
|
|
|
+ properties:
|
|
|
+ fieldRef:
|
|
|
+ description: 'Required: Selects a field
|
|
|
+ of the pod: only annotations, labels,
|
|
|
+ name and namespace are supported.'
|
|
|
+ properties:
|
|
|
+ apiVersion:
|
|
|
+ description: Version of the schema
|
|
|
+ the FieldPath is written in terms
|
|
|
+ of, defaults to "v1".
|
|
|
+ type: string
|
|
|
+ fieldPath:
|
|
|
+ description: Path of the field to
|
|
|
+ select in the specified API version.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - fieldPath
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ mode:
|
|
|
+ description: 'Optional: mode bits used
|
|
|
+ to set permissions on this file, must
|
|
|
+ be an octal value between 0000 and
|
|
|
+ 0777 or a decimal value between 0
|
|
|
+ and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal
|
|
|
+ values for mode bits. If not specified,
|
|
|
+ the volume defaultMode will be used.
|
|
|
+ This might be in conflict with other
|
|
|
+ options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be
|
|
|
+ other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: 'Required: Path is the
|
|
|
+ relative path name of the file to
|
|
|
+ be created. Must not be absolute or
|
|
|
+ contain the ''..'' path. Must be utf-8
|
|
|
+ encoded. The first item of the relative
|
|
|
+ path must not start with ''..'''
|
|
|
+ type: string
|
|
|
+ resourceFieldRef:
|
|
|
+ description: 'Selects a resource of
|
|
|
+ the container: only resources limits
|
|
|
+ and requests (limits.cpu, limits.memory,
|
|
|
+ requests.cpu and requests.memory)
|
|
|
+ are currently supported.'
|
|
|
+ properties:
|
|
|
+ containerName:
|
|
|
+ description: 'Container name: required
|
|
|
+ for volumes, optional for env
|
|
|
+ vars'
|
|
|
+ type: string
|
|
|
+ divisor:
|
|
|
+ anyOf:
|
|
|
+ - type: integer
|
|
|
+ - type: string
|
|
|
+ description: Specifies the output
|
|
|
+ format of the exposed resources,
|
|
|
+ defaults to "1"
|
|
|
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
|
+ x-kubernetes-int-or-string: true
|
|
|
+ resource:
|
|
|
+ description: 'Required: resource
|
|
|
+ to select'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - resource
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ secret:
|
|
|
+ description: secret information about the secret
|
|
|
+ data to project
|
|
|
+ properties:
|
|
|
+ items:
|
|
|
+ description: items if unspecified, each key-value
|
|
|
+ pair in the Data field of the referenced
|
|
|
+ Secret will be projected into the volume
|
|
|
+ as a file whose name is the key and content
|
|
|
+ is the value. If specified, the listed keys
|
|
|
+ will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If
|
|
|
+ a key is specified which is not present
|
|
|
+ in the Secret, the volume setup will error
|
|
|
+ unless it is marked optional. Paths must
|
|
|
+ be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path
|
|
|
+ within a volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode
|
|
|
+ bits used to set permissions on this
|
|
|
+ file. Must be an octal value between
|
|
|
+ 0000 and 0777 or a decimal value between
|
|
|
+ 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires
|
|
|
+ decimal values for mode bits. If not
|
|
|
+ specified, the volume defaultMode
|
|
|
+ will be used. This might be in conflict
|
|
|
+ with other options that affect the
|
|
|
+ file mode, like fsGroup, and the result
|
|
|
+ can be other mode bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path
|
|
|
+ of the file to map the key to. May
|
|
|
+ not be an absolute path. May not contain
|
|
|
+ the path element '..'. May not start
|
|
|
+ with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info:
|
|
|
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion,
|
|
|
+ kind, uid?'
|
|
|
+ type: string
|
|
|
+ optional:
|
|
|
+ description: optional field specify whether
|
|
|
+ the Secret or its key must be defined
|
|
|
+ type: boolean
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ serviceAccountToken:
|
|
|
+ description: serviceAccountToken is information
|
|
|
+ about the serviceAccountToken data to project
|
|
|
+ properties:
|
|
|
+ audience:
|
|
|
+ description: audience is the intended audience
|
|
|
+ of the token. A recipient of a token must
|
|
|
+ identify itself with an identifier specified
|
|
|
+ in the audience of the token, and otherwise
|
|
|
+ should reject the token. The audience defaults
|
|
|
+ to the identifier of the apiserver.
|
|
|
+ type: string
|
|
|
+ expirationSeconds:
|
|
|
+ description: expirationSeconds is the requested
|
|
|
+ duration of validity of the service account
|
|
|
+ token. As the token approaches expiration,
|
|
|
+ the kubelet volume plugin will proactively
|
|
|
+ rotate the service account token. The kubelet
|
|
|
+ will start trying to rotate the token if
|
|
|
+ the token is older than 80 percent of its
|
|
|
+ time to live or if the token is older than
|
|
|
+ 24 hours.Defaults to 1 hour and must be
|
|
|
+ at least 10 minutes.
|
|
|
+ format: int64
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the path relative to
|
|
|
+ the mount point of the file to project the
|
|
|
+ token into.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ type: object
|
|
|
+ quobyte:
|
|
|
+ description: quobyte represents a Quobyte mount on the host
|
|
|
+ that shares a pod's lifetime
|
|
|
+ properties:
|
|
|
+ group:
|
|
|
+ description: group to map volume access to Default is
|
|
|
+ no group
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly here will force the Quobyte volume
|
|
|
+ to be mounted with read-only permissions. Defaults
|
|
|
+ to false.
|
|
|
+ type: boolean
|
|
|
+ registry:
|
|
|
+ description: registry represents a single or multiple
|
|
|
+ Quobyte Registry services specified as a string as
|
|
|
+ host:port pair (multiple entries are separated with
|
|
|
+ commas) which acts as the central registry for volumes
|
|
|
+ type: string
|
|
|
+ tenant:
|
|
|
+ description: tenant owning the given Quobyte volume
|
|
|
+ in the Backend Used with dynamically provisioned Quobyte
|
|
|
+ volumes, value is set by the plugin
|
|
|
+ type: string
|
|
|
+ user:
|
|
|
+ description: user to map volume access to Defaults to
|
|
|
+ serivceaccount user
|
|
|
+ type: string
|
|
|
+ volume:
|
|
|
+ description: volume is a string that references an already
|
|
|
+ created Quobyte volume by name.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - registry
|
|
|
+ - volume
|
|
|
+ type: object
|
|
|
+ rbd:
|
|
|
+ description: 'rbd represents a Rados Block Device mount
|
|
|
+ on the host that shares a pod''s lifetime. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md'
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: 'fsType is the filesystem type of the volume
|
|
|
+ that you want to mount. Tip: Ensure that the filesystem
|
|
|
+ type is supported by the host operating system. Examples:
|
|
|
+ "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
|
|
|
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
|
|
|
+ TODO: how do we prevent errors in the filesystem from
|
|
|
+ compromising the machine'
|
|
|
+ type: string
|
|
|
+ image:
|
|
|
+ description: 'image is the rados image name. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ keyring:
|
|
|
+ description: 'keyring is the path to key ring for RBDUser.
|
|
|
+ Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ monitors:
|
|
|
+ description: 'monitors is a collection of Ceph monitors.
|
|
|
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ items:
|
|
|
+ type: string
|
|
|
+ type: array
|
|
|
+ pool:
|
|
|
+ description: 'pool is the rados pool name. Default is
|
|
|
+ rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: 'readOnly here will force the ReadOnly
|
|
|
+ setting in VolumeMounts. Defaults to false. More info:
|
|
|
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: 'secretRef is name of the authentication
|
|
|
+ secret for RBDUser. If provided overrides keyring.
|
|
|
+ Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ user:
|
|
|
+ description: 'user is the rados user name. Default is
|
|
|
+ admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - image
|
|
|
+ - monitors
|
|
|
+ type: object
|
|
|
+ scaleIO:
|
|
|
+ description: scaleIO represents a ScaleIO persistent volume
|
|
|
+ attached and mounted on Kubernetes nodes.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
|
|
|
+ type: string
|
|
|
+ gateway:
|
|
|
+ description: gateway is the host address of the ScaleIO
|
|
|
+ API Gateway.
|
|
|
+ type: string
|
|
|
+ protectionDomain:
|
|
|
+ description: protectionDomain is the name of the ScaleIO
|
|
|
+ Protection Domain for the configured storage.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly Defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef references to the secret for
|
|
|
+ ScaleIO user and other sensitive information. If this
|
|
|
+ is not provided, Login operation will fail.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ sslEnabled:
|
|
|
+ description: sslEnabled Flag enable/disable SSL communication
|
|
|
+ with Gateway, default false
|
|
|
+ type: boolean
|
|
|
+ storageMode:
|
|
|
+ description: storageMode indicates whether the storage
|
|
|
+ for a volume should be ThickProvisioned or ThinProvisioned.
|
|
|
+ Default is ThinProvisioned.
|
|
|
+ type: string
|
|
|
+ storagePool:
|
|
|
+ description: storagePool is the ScaleIO Storage Pool
|
|
|
+ associated with the protection domain.
|
|
|
+ type: string
|
|
|
+ system:
|
|
|
+ description: system is the name of the storage system
|
|
|
+ as configured in ScaleIO.
|
|
|
+ type: string
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the name of a volume already
|
|
|
+ created in the ScaleIO system that is associated with
|
|
|
+ this volume source.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - gateway
|
|
|
+ - secretRef
|
|
|
+ - system
|
|
|
+ type: object
|
|
|
+ secret:
|
|
|
+ description: 'secret represents a secret that should populate
|
|
|
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
|
+ properties:
|
|
|
+ defaultMode:
|
|
|
+ description: 'defaultMode is Optional: mode bits used
|
|
|
+ to set permissions on created files by default. Must
|
|
|
+ be an octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal and
|
|
|
+ decimal values, JSON requires decimal values for mode
|
|
|
+ bits. Defaults to 0644. Directories within the path
|
|
|
+ are not affected by this setting. This might be in
|
|
|
+ conflict with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode bits
|
|
|
+ set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ items:
|
|
|
+ description: items If unspecified, each key-value pair
|
|
|
+ in the Data field of the referenced Secret will be
|
|
|
+ projected into the volume as a file whose name is
|
|
|
+ the key and content is the value. If specified, the
|
|
|
+ listed keys will be projected into the specified paths,
|
|
|
+ and unlisted keys will not be present. If a key is
|
|
|
+ specified which is not present in the Secret, the
|
|
|
+ volume setup will error unless it is marked optional.
|
|
|
+ Paths must be relative and may not contain the '..'
|
|
|
+ path or start with '..'.
|
|
|
+ items:
|
|
|
+ description: Maps a string key to a path within a
|
|
|
+ volume.
|
|
|
+ properties:
|
|
|
+ key:
|
|
|
+ description: key is the key to project.
|
|
|
+ type: string
|
|
|
+ mode:
|
|
|
+ description: 'mode is Optional: mode bits used
|
|
|
+ to set permissions on this file. Must be an
|
|
|
+ octal value between 0000 and 0777 or a decimal
|
|
|
+ value between 0 and 511. YAML accepts both octal
|
|
|
+ and decimal values, JSON requires decimal values
|
|
|
+ for mode bits. If not specified, the volume
|
|
|
+ defaultMode will be used. This might be in conflict
|
|
|
+ with other options that affect the file mode,
|
|
|
+ like fsGroup, and the result can be other mode
|
|
|
+ bits set.'
|
|
|
+ format: int32
|
|
|
+ type: integer
|
|
|
+ path:
|
|
|
+ description: path is the relative path of the
|
|
|
+ file to map the key to. May not be an absolute
|
|
|
+ path. May not contain the path element '..'.
|
|
|
+ May not start with the string '..'.
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - key
|
|
|
+ - path
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ optional:
|
|
|
+ description: optional field specify whether the Secret
|
|
|
+ or its keys must be defined
|
|
|
+ type: boolean
|
|
|
+ secretName:
|
|
|
+ description: 'secretName is the name of the secret in
|
|
|
+ the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ storageos:
|
|
|
+ description: storageOS represents a StorageOS volume attached
|
|
|
+ and mounted on Kubernetes nodes.
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is the filesystem type to mount.
|
|
|
+ Must be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ readOnly:
|
|
|
+ description: readOnly defaults to false (read/write).
|
|
|
+ ReadOnly here will force the ReadOnly setting in VolumeMounts.
|
|
|
+ type: boolean
|
|
|
+ secretRef:
|
|
|
+ description: secretRef specifies the secret to use for
|
|
|
+ obtaining the StorageOS API credentials. If not specified,
|
|
|
+ default values will be attempted.
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
|
|
+ TODO: Add other useful fields. apiVersion, kind,
|
|
|
+ uid?'
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ x-kubernetes-map-type: atomic
|
|
|
+ volumeName:
|
|
|
+ description: volumeName is the human-readable name of
|
|
|
+ the StorageOS volume. Volume names are only unique
|
|
|
+ within a namespace.
|
|
|
+ type: string
|
|
|
+ volumeNamespace:
|
|
|
+ description: volumeNamespace specifies the scope of
|
|
|
+ the volume within StorageOS. If no namespace is specified
|
|
|
+ then the Pod's namespace will be used. This allows
|
|
|
+ the Kubernetes name scoping to be mirrored within
|
|
|
+ StorageOS for tighter integration. Set VolumeName
|
|
|
+ to any name to override the default behaviour. Set
|
|
|
+ to "default" if you are not using namespaces within
|
|
|
+ StorageOS. Namespaces that do not pre-exist within
|
|
|
+ StorageOS will be created.
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ vsphereVolume:
|
|
|
+ description: vsphereVolume represents a vSphere volume attached
|
|
|
+ and mounted on kubelets host machine
|
|
|
+ properties:
|
|
|
+ fsType:
|
|
|
+ description: fsType is filesystem type to mount. Must
|
|
|
+ be a filesystem type supported by the host operating
|
|
|
+ system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
|
|
|
+ to be "ext4" if unspecified.
|
|
|
+ type: string
|
|
|
+ storagePolicyID:
|
|
|
+ description: storagePolicyID is the storage Policy Based
|
|
|
+ Management (SPBM) profile ID associated with the StoragePolicyName.
|
|
|
+ type: string
|
|
|
+ storagePolicyName:
|
|
|
+ description: storagePolicyName is the storage Policy
|
|
|
+ Based Management (SPBM) profile name.
|
|
|
+ type: string
|
|
|
+ volumePath:
|
|
|
+ description: volumePath is the path that identifies
|
|
|
+ vSphere volume vmdk
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - volumePath
|
|
|
+ type: object
|
|
|
+ required:
|
|
|
+ - name
|
|
|
+ type: object
|
|
|
+ type: array
|
|
|
+ required:
|
|
|
+ - containers
|
|
|
+ type: object
|
|
|
+ routeTo:
|
|
|
+ description: Set which service traffic should go
|
|
|
+ enum:
|
|
|
+ - Blue
|
|
|
+ - Green
|
|
|
+ type: string
|
|
|
+ required:
|
|
|
+ - routeTo
|
|
|
+ type: object
|
|
|
+ status:
|
|
|
+ description: BlueGreenStatus defines the observed state of BlueGreen
|
|
|
+ properties:
|
|
|
+ routeTo:
|
|
|
+ enum:
|
|
|
+ - Blue
|
|
|
+ - Green
|
|
|
+ type: string
|
|
|
+ type: object
|
|
|
+ type: object
|
|
|
+ served: true
|
|
|
+ storage: true
|
|
|
+ subresources:
|
|
|
+ status: {}
|
scotty.scott